$this->addModuleStyles( $parserOutput->getModuleStyles() );
$this->addModuleMessages( $parserOutput->getModuleMessages() );
$this->addJsConfigVars( $parserOutput->getJsConfigVars() );
+ $this->mPreventClickjacking = $this->mPreventClickjacking
+ || $parserOutput->preventClickjacking();
// Template versioning...
foreach ( (array)$parserOutput->getTemplateIds() as $ns => $dbks ) {
$this->mPreventClickjacking = false;
}
+ /**
+ * Get the prevent-clickjacking flag
+ *
+ * @since 1.24
+ * @return boolean
+ */
+ public function getPreventClickjacking() {
+ return $this->mPreventClickjacking;
+ }
+
/**
* Get the X-Frame-Options header value (without the name part), or false
* if there isn't one. This is used by Skin to determine whether to enable
private $mExtensionData = array(); # extra data used by extensions
private $mLimitReportData = array(); # Parser limit report data
private $mParseStartTime = array(); # Timestamps for getTimeSinceStart()
+ private $mPreventClickjacking = false; # Whether to emit X-Frame-Options: DENY
const EDITSECTION_REGEX =
'#<(?:mw:)?editsection page="(.*?)" section="(.*?)"(?:/>|>(.*?)(</(?:mw:)?editsection>))#';
$this->addJsConfigVars( $out->getJsConfigVars() );
$this->mHeadItems = array_merge( $this->mHeadItems, $out->getHeadItemsArray() );
+ $this->mPreventClickjacking = $this->mPreventClickjacking || $out->getPreventClickjacking();
}
/**
$this->mLimitReportData[$key] = $value;
}
+ /**
+ * Get or set the prevent-clickjacking flag
+ *
+ * @since 1.24
+ * @param boolean|null $flag New flag value, or null to leave it unchanged
+ * @return boolean Old flag value
+ */
+ public function preventClickjacking( $flag = null ) {
+ return wfSetVar( $this->mPreventClickjacking, $flag );
+ }
+
/**
* Save space for for serialization by removing useless values
*/