You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by de...@apache.org on 2017/09/17 12:29:30 UTC
[myfaces-trinidad] 04/10: TRINIDAD-2169 add framebusting support to
handle clickjacking attacks
This is an automated email from the ASF dual-hosted git repository.
deki pushed a commit to branch 2.0.0.1-branch
in repository https://gitbox.apache.org/repos/asf/myfaces-trinidad.git
commit e3d21508176e928d28c55b2704561fb5a2f0a32b
Author: Gabrielle Crawford <gc...@apache.org>
AuthorDate: Wed Mar 7 17:30:33 2012 +0000
TRINIDAD-2169 add framebusting support to handle clickjacking attacks
---
src/site/xdoc/devguide/configuration.xml | 26 ++++
.../trinidad-demo/src/main/webapp/WEB-INF/web.xml | 26 ++++
.../context/TrinidadPhaseListener.java | 30 +++-
.../renderkit/core/xhtml/BodyRenderer.java | 47 +++++++
.../trinidadinternal/util/FrameBustingUtils.java | 153 +++++++++++++++++++++
.../main/javascript/META-INF/adf/jsLibs/Page.js | 64 ++++++++-
.../trinidadinternal/resource/LoggerBundle.xrts | 3 +
.../renderkit/golden/body-minimal-golden.xml | 150 ++++++++++++++++++++
.../renderkit/golden/body-minimalIE-golden.xml | 150 ++++++++++++++++++++
.../renderkit/golden/body-minimalIERtl-golden.xml | 150 ++++++++++++++++++++
.../renderkit/golden/body-minimalInacc-golden.xml | 135 ++++++++++++++++++
.../renderkit/golden/body-minimalPPC-golden.xml | 150 ++++++++++++++++++++
.../renderkit/golden/body-minimalSaf-golden.xml | 150 ++++++++++++++++++++
.../renderkit/golden/body-minimalScrRdr-golden.xml | 150 ++++++++++++++++++++
14 files changed, 1381 insertions(+), 3 deletions(-)
diff --git a/src/site/xdoc/devguide/configuration.xml b/src/site/xdoc/devguide/configuration.xml
index 6009b52..2665765 100644
--- a/src/site/xdoc/devguide/configuration.xml
+++ b/src/site/xdoc/devguide/configuration.xml
@@ -351,6 +351,32 @@ Some Apache Trinidad configuration options are set instead with
<code><context-param></code> elements in your
<code>WEB-INF/web.xml</code>file.
</p>
+
+<subsection name="org.apache.myfaces.trinidad.security.FRAME_BUSTING">
+
+<p>
+The parameter "org.apache.myfaces.trinidad.security.FRAME_BUSTING" controls the framebusting feature.
+Framebusting stops content from running inside frames (meaning a frame or iframe tag).
+</p>
+<p>
+This context parameter is ignored when org.apache.myfaces.trinidad.util.ExternalContextUtils.isPortlet is true,
+and will behave as if the context parameter is set to 'never'.
+</p>
+<p>
+Possible values are:
+<ul>
+<li>differentOrigin - only bust frames if the an ancestor window origin and the
+ frame origin are different. If the ancestor windows and frame have
+ the same origin then allow the content to run in a frame. This is the default.
+</li>
+<li>always - always bust frames, meaning don't allow a page to be embedded in frames
+</li>
+<li>never - never bust frames, meaning always allow a page to be embedded in frames
+</li>
+</ul>
+</p>
+</subsection>
+
<subsection name="org.apache.myfaces.trinidad.CACHE_VIEW_ROOT">
<p>
Enables or disables UIViewRoot caching; defaults to true.
diff --git a/trinidad-examples/trinidad-demo/src/main/webapp/WEB-INF/web.xml b/trinidad-examples/trinidad-demo/src/main/webapp/WEB-INF/web.xml
index 3367507..531d526 100644
--- a/trinidad-examples/trinidad-demo/src/main/webapp/WEB-INF/web.xml
+++ b/trinidad-examples/trinidad-demo/src/main/webapp/WEB-INF/web.xml
@@ -34,6 +34,32 @@
<param-value>.jspx</param-value>
</context-param>
+
+
+ <context-param>
+ <!--description>
+ The parameter "org.apache.myfaces.trinidad.security.FRAME_BUSTING" controls
+ the framebusting feature. Framebusting stops content from running inside
+ frames (meaning a frame or iframe tag).
+
+ This context parameter is ignored when
+ org.apache.myfaces.trinidad.util.ExternalContextUtils.isPortlet is true,
+ and will behave as if the context parameter is set to 'never'.
+
+ Possible values are:
+
+ differentOrigin - only bust frames if the an ancestor window origin
+ and the frame origin are different. If the ancestor windows
+ and frame have the same origin then allow the content to run
+ in a frame. This is the default.
+ always - always bust frames, meaning don't allow a page to be embedded in frames
+ never - never bust frames, meaning always allow a page to be embedded in frames
+
+ </description-->
+ <param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
+ <param-value>differentOrigin</param-value>
+ </context-param>
+
<!-- Set to true for using the lightweight dialog feature -->
<context-param>
<param-name>org.apache.myfaces.trinidad.ENABLE_LIGHTWEIGHT_DIALOGS</param-name>
diff --git a/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/context/TrinidadPhaseListener.java b/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/context/TrinidadPhaseListener.java
index 6547d77..aa481f5 100644
--- a/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/context/TrinidadPhaseListener.java
+++ b/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/context/TrinidadPhaseListener.java
@@ -26,6 +26,9 @@ import javax.faces.event.PhaseListener;
import org.apache.myfaces.trinidadinternal.config.xmlHttp.XmlHttpConfigurator;
import org.apache.myfaces.trinidadinternal.renderkit.core.CoreRenderKit;
+import org.apache.myfaces.trinidad.context.RequestContext;
+import org.apache.myfaces.trinidadinternal.util.FrameBustingUtils;
+import org.apache.myfaces.trinidadinternal.util.FrameBustingUtils.FrameBustingParamValue;
/**
* Performs some trinidad logic and provides some hooks.
@@ -68,11 +71,14 @@ public class TrinidadPhaseListener implements PhaseListener
@SuppressWarnings("unchecked")
public void beforePhase(PhaseEvent event)
{
+
+ PhaseId phaseId = event.getPhaseId();
+
// Ensure that the implicit object gets created. In general,
// "restore view" would be sufficient, but someone can call
// renderResponse() before even calling Lifecycle.execute(),
// in which case RESTORE_VIEW doesn't actually run.
- if (event.getPhaseId() == PhaseId.RESTORE_VIEW)
+ if (phaseId == PhaseId.RESTORE_VIEW)
{
FacesContext context = event.getFacesContext();
ExternalContext ec = context.getExternalContext();
@@ -82,11 +88,31 @@ public class TrinidadPhaseListener implements PhaseListener
// If we've reached "apply request values", this is definitely a
// postback (the ViewHandler should have reached the same conclusion too,
// but make sure)
- else if (event.getPhaseId() == PhaseId.APPLY_REQUEST_VALUES)
+ else if (phaseId == PhaseId.APPLY_REQUEST_VALUES)
{
FacesContext context = event.getFacesContext();
markPostback(context);
}
+ else if (phaseId == PhaseId.RENDER_RESPONSE)
+ {
+ // add response headers for framebusting if needed
+
+ FacesContext context = event.getFacesContext();
+ FrameBustingParamValue frameBusting = FrameBustingUtils.getFrameBustingValue(context, RequestContext.getCurrentInstance());
+
+ if (! FrameBustingParamValue.FRAME_BUSTING_NEVER.equals(frameBusting))
+ {
+ // TODO: support CSP?
+ // https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html
+
+ // the X-Frame-Options header doesn't work on all browsers, but we're adding it anyway
+ String xFrameOptions = (FrameBustingParamValue.FRAME_BUSTING_ALWAYS.equals(frameBusting))
+ ? "deny"
+ : "sameorigin";
+
+ context.getExternalContext().addResponseHeader("X-Frame-Options", xFrameOptions);
+ }
+ }
}
diff --git a/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/renderkit/core/xhtml/BodyRenderer.java b/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/renderkit/core/xhtml/BodyRenderer.java
index 6ff7132..11a88ae 100644
--- a/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/renderkit/core/xhtml/BodyRenderer.java
+++ b/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/renderkit/core/xhtml/BodyRenderer.java
@@ -35,6 +35,8 @@ import org.apache.myfaces.trinidad.context.RequestContext;
import org.apache.myfaces.trinidad.render.ExtendedRenderKitService;
import org.apache.myfaces.trinidad.skin.Skin;
import org.apache.myfaces.trinidad.util.Service;
+import org.apache.myfaces.trinidadinternal.util.FrameBustingUtils;
+import org.apache.myfaces.trinidadinternal.util.FrameBustingUtils.FrameBustingParamValue;
/**
@@ -141,6 +143,10 @@ public class BodyRenderer extends PanelPartialRootRenderer
if (supportsScripting(rc))
{
+ // this sets display:none on body and removes it with javascript. If no javascript is supported,
+ // no need to render the script. (it breaks emailable page mode because display:none is never cleared)
+ _renderFrameBustingScript(context, rc);
+
_renderNoScript(context, rc);
_storeInitialFocus(rc, component, bean);
}
@@ -584,6 +590,47 @@ public class BodyRenderer extends PanelPartialRootRenderer
return "(" + versionInfo + apiSpecTitle + " - " + apiVersion + "/"
+ implSpecTitle + " - " + implVersion + ")";
}
+
+ private void _renderFrameBustingScript(
+ FacesContext context,
+ RenderingContext rc
+ ) throws IOException
+ {
+ // get the framebusting param set in web.xml
+ FrameBustingParamValue frameBusting = FrameBustingUtils.getFrameBustingValue(context, RequestContext.getCurrentInstance());
+
+ if (! FrameBustingParamValue.FRAME_BUSTING_NEVER.equals(frameBusting))
+ {
+ ResponseWriter out = context.getResponseWriter();
+
+ // Add a style to hide the body tag, if the framebusting code runs and decides it does not
+ // need to bust frames then it will remove the style dom node, which will make the content
+ // visible.
+ //
+ // We are using a style element instead of setting a style/class directly on the
+ // body tag because if we ever added a splash screen it would not show.
+ // We are setting an id on the style so that it can be removed on the client,
+ // which will make the content visible.
+ //
+ // We had previously tried to use javascript to add display:block to the
+ // style attribute of the body tag, but the style attribute of the body tag can get removed,
+ // for example when you do ppr nav or you ppr the document. Therefore we are now
+ // removing the style element on the client.
+ //
+ out.startElement("style", null);
+ // an id cannot start with an underscore
+ out.writeAttribute("id", "trinFrameBustStyle", null);
+ out.writeText("body {display:none}", null);
+ out.endElement("style");
+
+ out.startElement("script", null);
+ XhtmlRenderer.renderScriptTypeAttribute(context, rc);
+ out.writeText("TrPage.__frameBusting(\"", null);
+ out.writeText(frameBusting, null);
+ out.writeText("\");", null);
+ out.endElement("script");
+ }
+ }
private PropertyKey _firstClickPassedKey;
private PropertyKey _initialFocusIdKey;
diff --git a/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/util/FrameBustingUtils.java b/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/util/FrameBustingUtils.java
new file mode 100644
index 0000000..ed6f125
--- /dev/null
+++ b/trinidad-impl/src/main/java/org/apache/myfaces/trinidadinternal/util/FrameBustingUtils.java
@@ -0,0 +1,153 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.trinidadinternal.util;
+
+
+import java.util.concurrent.ConcurrentMap;
+
+import javax.faces.context.FacesContext;
+
+import org.apache.myfaces.trinidad.util.ExternalContextUtils;
+
+import org.apache.myfaces.trinidad.context.RequestContext;
+import org.apache.myfaces.trinidad.logging.TrinidadLogger;
+
+/**
+ * @author Gabrielle Crawford
+ */
+public class FrameBustingUtils
+{
+
+ // This parameter controls the framebusting feature. framebusting stops content from
+ // running inside frames (meaning a frame or iframe tag).
+ //
+ // This context parameter is ignored when
+ // org.apache.myfaces.trinidad.util.ExternalContextUtils.isPortlet is true,
+ // and will behave as if the context parameter is set to 'never'.
+ //
+ // Possible values are:
+ // differentOrigin - only bust frames if the an ancestor window origin and the
+ // frame origin are different. If the ancestor windows and frame have
+ // the same origin then allow the content to run in a frame.
+ // This is the default.
+ // always - always bust frames, meaning don't allow a page to be embedded in frames
+ // never - never bust frames, meaning always allow a page to be embedded in frames
+ static public final String FRAME_BUSTING_PARAM = "org.apache.myfaces.trinidad.security.FRAME_BUSTING";
+
+ public static enum FrameBustingParamValue
+ {
+
+ FRAME_BUSTING_NEVER("never"),
+ FRAME_BUSTING_ALWAYS("always"),
+ FRAME_BUSTING_DIFFERENT_ORIGIN("differentOrigin");
+
+ FrameBustingParamValue(String value)
+ {
+ _value = value;
+ }
+
+ /**
+ * toString returns the vary-type value.
+ * @return the vary-type value.
+ */
+ public String toString()
+ {
+ return _value;
+ }
+
+ public String displayName()
+ {
+ return _value;
+ }
+
+ private String _value;
+
+ public static FrameBustingParamValue valueOfDisplayName(String displayName)
+ {
+ if (FRAME_BUSTING_NEVER.displayName().equalsIgnoreCase(displayName))
+ return FRAME_BUSTING_NEVER;
+ else if (FRAME_BUSTING_ALWAYS.displayName().equalsIgnoreCase(displayName))
+ return FRAME_BUSTING_ALWAYS;
+ else if (FRAME_BUSTING_DIFFERENT_ORIGIN.displayName().equalsIgnoreCase(displayName))
+ return FRAME_BUSTING_DIFFERENT_ORIGIN;
+
+ return null;
+ }
+
+ }
+
+ public static FrameBustingParamValue getFrameBustingValue(FacesContext context, RequestContext reqContext)
+ {
+ // Act as if the value is never if
+ // 1. we're doing ppr, we should only need to bust frames on a full page render
+ // 2. if we're in a portal
+ // Portals have a concept of producers and consumers.
+ // The main page is the consumer, and the portlets inside that page are the producers.
+ // Producer content can only be accessed by trusted consumers.
+ //
+ // The consumer page can set the context param as needed,
+ // but the producers will not do framebusting.
+ // In other words when ExternalContextUtils.isPortlet is true we will behave as if
+ // the context param is set to 'never'.
+ if ( reqContext.isPartialRequest(context) ||
+ ExternalContextUtils.isPortlet(context.getExternalContext()))
+ {
+ return FrameBustingParamValue.FRAME_BUSTING_NEVER;
+ }
+
+ ConcurrentMap<String, Object> appMap = reqContext.getApplicationScopedConcurrentMap();
+ FrameBustingParamValue frameBusting = (FrameBustingParamValue)appMap.get(FRAME_BUSTING_PARAM);
+
+ if (frameBusting == null)
+ {
+ String frameBustingString = context.getExternalContext().getInitParameter(FRAME_BUSTING_PARAM);
+
+ if (frameBustingString == null)
+ {
+ frameBusting = FrameBustingParamValue.FRAME_BUSTING_DIFFERENT_ORIGIN;
+ }
+ else
+ {
+ frameBusting = FrameBustingParamValue.valueOfDisplayName(frameBustingString);
+
+ if (frameBusting == null)
+ {
+ frameBusting = FrameBustingParamValue.FRAME_BUSTING_DIFFERENT_ORIGIN;
+
+ // if the context param was set but does not match a known legal value then log a warning
+ _LOG.warning("UNKNOWN_FRAME_BUSTING_VALUE");
+ }
+ }
+
+ appMap.put(FRAME_BUSTING_PARAM, frameBusting);
+ }
+
+ return frameBusting;
+ }
+
+ public static void overrideFrameBustingValue(RequestContext reqContext, FrameBustingParamValue frameBusting)
+ {
+ ConcurrentMap<String, Object> appMap = reqContext.getApplicationScopedConcurrentMap();
+ appMap.put(FRAME_BUSTING_PARAM, frameBusting);
+ }
+
+
+ static private final TrinidadLogger _LOG =
+ TrinidadLogger.createTrinidadLogger(FrameBustingUtils.class);
+}
diff --git a/trinidad-impl/src/main/javascript/META-INF/adf/jsLibs/Page.js b/trinidad-impl/src/main/javascript/META-INF/adf/jsLibs/Page.js
index cfe89ba..9eb6cff 100644
--- a/trinidad-impl/src/main/javascript/META-INF/adf/jsLibs/Page.js
+++ b/trinidad-impl/src/main/javascript/META-INF/adf/jsLibs/Page.js
@@ -1019,4 +1019,66 @@ TrPage.prototype._getDomToBeUpdated = function (status, responseXML)
}
return oldElements;
-}
\ No newline at end of file
+}
+
+
+// static method called on server
+TrPage.__frameBusting = function(frameBusting)
+{
+
+ if ( !(self == top || frameBusting == "never"))
+ {
+ if (frameBusting == "always")
+ {
+ top.location.href = location.href;
+ }
+ else
+ {
+ var topNotProcessed = true;
+ var parentWindow = parent;
+
+ while (topNotProcessed)
+ {
+ try
+ {
+ // if we have a different origin parentWindow.location.href will throw an exception
+ // in firefox and IE
+ var parentWindowLocation = parentWindow.location.href;
+
+ // in safari and google chrome no exception is thrown for referring to
+ // parentWindow.location.href, instead the parent window location is undefined
+ if (parentWindowLocation == null)
+ {
+ top.location.href = location.href;
+ return;
+ }
+ }
+ catch(e)
+ {
+ // the content has different origin, redirect
+ top.location.href = location.href;
+ return;
+ }
+
+ if (parentWindow == top)
+ topNotProcessed = false;
+
+ parentWindow = parentWindow.parent;
+ }
+ }
+ }
+
+ // we didn't end up framebusting, so show the content
+ //
+ // We had previously tried to use javascript to add display:block to the
+ // style attribute of the body tag, but the style attribute of the body tag can get removed,
+ // for example when you do ppr nav or you ppr the document. Therefore we are now
+ // removing the style element on the client.
+ var styleNode = document.getElementById("trinFrameBustStyle");
+
+ if (styleNode)
+ {
+ styleNode.parentNode.removeChild(styleNode);
+ }
+}
+
diff --git a/trinidad-impl/src/main/xrts/org/apache/myfaces/trinidadinternal/resource/LoggerBundle.xrts b/trinidad-impl/src/main/xrts/org/apache/myfaces/trinidadinternal/resource/LoggerBundle.xrts
index 154365e..b9e09c2 100644
--- a/trinidad-impl/src/main/xrts/org/apache/myfaces/trinidadinternal/resource/LoggerBundle.xrts
+++ b/trinidad-impl/src/main/xrts/org/apache/myfaces/trinidadinternal/resource/LoggerBundle.xrts
@@ -27,6 +27,9 @@
<!-- UNKNOWN_AGENT_TYPE_CREATE_WITH_NULL -->
<resource key="UNKNOWN_AGENT_TYPE_CREATE_WITH_NULL">The agent type is unknown; creating an agent with null agent attributes.</resource>
+<!-- UNKNOWN_FRAME_BUSTING_VALUE -->
+<resource key="UNKNOWN_FRAME_BUSTING_VALUE">The web.xml context param org.apache.myfaces.trinidad.security.FRAME_BUSTING is set to an unknow value, the legal value are 'never', 'always', or 'differentOrigin'.</resource>
+
<!-- CANNOT_GET_CAPABILITIES -->
<resource key="CANNOT_GET_CAPABILITIES">could not get capabilities from capabilities document</resource>
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimal-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimal-golden.xml
index 9fb66d2..d23c4e3 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimal-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimal-golden.xml
@@ -10,6 +10,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -33,6 +43,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -57,6 +77,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -81,6 +111,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -105,6 +145,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -129,6 +179,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -153,6 +213,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -177,6 +247,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -200,6 +280,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -224,6 +314,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -248,6 +348,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -272,6 +382,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -296,6 +416,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -320,6 +450,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -343,6 +483,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIE-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIE-golden.xml
index 9fb66d2..d23c4e3 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIE-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIE-golden.xml
@@ -10,6 +10,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -33,6 +43,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -57,6 +77,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -81,6 +111,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -105,6 +145,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -129,6 +179,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -153,6 +213,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -177,6 +247,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -200,6 +280,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -224,6 +314,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -248,6 +348,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -272,6 +382,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -296,6 +416,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -320,6 +450,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -343,6 +483,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIERtl-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIERtl-golden.xml
index 9fb66d2..d23c4e3 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIERtl-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalIERtl-golden.xml
@@ -10,6 +10,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -33,6 +43,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -57,6 +77,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -81,6 +111,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -105,6 +145,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -129,6 +179,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -153,6 +213,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -177,6 +247,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -200,6 +280,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -224,6 +314,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -248,6 +348,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -272,6 +382,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -296,6 +416,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -320,6 +450,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -343,6 +483,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalInacc-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalInacc-golden.xml
index 7375e3b..8015796 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalInacc-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalInacc-golden.xml
@@ -10,6 +10,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -29,6 +38,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -49,6 +67,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -69,6 +96,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -89,6 +125,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -109,6 +154,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -129,6 +183,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -149,6 +212,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -168,6 +240,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -188,6 +269,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -208,6 +298,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -228,6 +327,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -248,6 +356,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -268,6 +385,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
@@ -287,6 +413,15 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<span
id="id_text"
>
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalPPC-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalPPC-golden.xml
index 9944a57..a9a880d 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalPPC-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalPPC-golden.xml
@@ -9,6 +9,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -31,6 +41,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -54,6 +74,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -77,6 +107,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -100,6 +140,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -123,6 +173,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -146,6 +206,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -169,6 +239,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -191,6 +271,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -214,6 +304,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -237,6 +337,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -260,6 +370,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -283,6 +403,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -306,6 +436,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -329,6 +469,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalSaf-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalSaf-golden.xml
index 9fb66d2..d23c4e3 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalSaf-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalSaf-golden.xml
@@ -10,6 +10,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -33,6 +43,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -57,6 +77,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -81,6 +111,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -105,6 +145,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -129,6 +179,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -153,6 +213,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -177,6 +247,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -200,6 +280,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -224,6 +314,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -248,6 +348,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -272,6 +382,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -296,6 +416,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -320,6 +450,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -343,6 +483,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
diff --git a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalScrRdr-golden.xml b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalScrRdr-golden.xml
index 9fb66d2..d23c4e3 100644
--- a/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalScrRdr-golden.xml
+++ b/trinidad-impl/src/test/resources/org/apache/myfaces/trinidadinternal/renderkit/golden/body-minimalScrRdr-golden.xml
@@ -10,6 +10,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -33,6 +43,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -57,6 +77,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -81,6 +111,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -105,6 +145,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -129,6 +179,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -153,6 +213,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -177,6 +247,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -200,6 +280,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -224,6 +314,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -248,6 +348,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -272,6 +382,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -296,6 +416,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -320,6 +450,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
@@ -343,6 +483,16 @@
>
</a>
+ <style
+ id="trinFrameBustStyle"
+ >
+ body {display:none}
+ </style>
+ <script
+ type="text/javascript"
+ >
+ TrPage.__frameBusting("differentOrigin");
+ </script>
<noscript
>
This page uses JavaScript and requires a JavaScript enabled browser.Your browser is not JavaScript enabled.
--
To stop receiving notification emails like this one, please contact
"commits@myfaces.apache.org" <co...@myfaces.apache.org>.