You are here

Home » API reference » Security Kit 8 » SecKitEventSubscriber.php » SecKitEventSubscriber

public function SecKitEventSubscriber::seckitJsCssNoscript in Security Kit 8

Same name and namespace in other branches
  1. 2.x src/EventSubscriber/SecKitEventSubscriber.php \Drupal\seckit\EventSubscriber\SecKitEventSubscriber::seckitJsCssNoscript()

Enables JavaScript + CSS + Noscript Clickjacking defense.

Closes inline JavaScript and allows loading of any inline HTML elements. After, it starts new inline JavaScript to avoid breaking syntax. We need it, because Drupal API doesn't allow to init HTML elements in desired sequence.

1 call to SecKitEventSubscriber::seckitJsCssNoscript()
SecKitEventSubscriber::onKernelResponse in src/EventSubscriber/SecKitEventSubscriber.php
Executes actions on the response event.

File

src/EventSubscriber/SecKitEventSubscriber.php, line 389

Class

SecKitEventSubscriber
Subscribing an event.

Namespace

Drupal\seckit\EventSubscriber

Code

public function seckitJsCssNoscript() {

  // @todo Consider batter solution?
  $content = $this->response
    ->getContent();
  $head_close_position = strpos($content, '</head>');
  if ($head_close_position) {
    $content = substr_replace($content, $this
      ->seckitGetJsCssNoscriptCode(), $head_close_position, 0);
    $this->response
      ->setContent($content);
  }
}