Leahnaya/pokemon-showdown-client
1
0
Fork 0
mirror of https://github.com/smogon/pokemon-showdown-client.git synced 2026-05-09 04:23:01 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove frame-bust, inject testclient flag for iframe embedding

Browse Source
This commit is contained in:
Fantastic-Fanta 2026-05-07 22:51:12 +08:00
parent a78a54c920
commit ba2ecbc808
1 changed files with 2 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
play.pokemonshowdown.com/index.template.html
View File

@ -38,6 +38,7 @@ https://psim.us/dev
<!--[if lte IE 8]><script>document.location.replace('http://pokemonshowdown.com/autodownload/win');</script><![endif]-->
<!-- head custom -->
<script>var Config = {testclient: true};</script>
<div id="header" class="header">
<img class="logo" src="//play.pokemonshowdown.com/pokemonshowdownbeta.png" srcset="//play.pokemonshowdown.com/pokemonshowdownbeta@2x.png 2x" alt="Pok&eacute;mon Showdown! (beta)" width="146" height="44" /><div class="maintabbarbottom"></div>
@ -110,15 +111,7 @@ https://psim.us/dev
<script src="//play.pokemonshowdown.com/data/graphics.js?"></script>
<script>
// framebust - see https://owasp.org/www-pdf-archive/OWASP_AppSec_Research_2010_Busting_Frame_Busting_by_Rydstedt.pdf
// should be robust against reflective XSS filters and navigation interception
var app;
if (self === top) {
app = new App();
} else {
LM.innerHTML += ' IN FRAME<br />Please visit Showdown directly.';
top.location = self.location;
}
var app = new App();
</script>
<script src="//play.pokemonshowdown.com/data/pokedex.js?"></script>