partey_workadventure/maps/tests/Metadata/cowebsiteAllowApi.html

<!doctype html>
<html lang="en">
    <head>
        <script>
            var script = document.createElement('script');
            // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
            // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
            script.setAttribute('src', document.referrer + 'iframe_api.js');
            document.head.appendChild(script);
        </script>
    </head>
    <body>
    <p>Website opened by script.</p>
        <script>
            window.addEventListener('load', () => {
                WA.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
            })
        </script>
    </body>
</html>
Allow a website opened by script to use iframe_api 2021-06-28 15:55:30 +02:00			`<!doctype html>`
			`<html lang="en">`
			`<head>`
			`<script>`
Use dynamic Iframe API 2021-06-28 16:13:38 +02:00			`var script = document.createElement('script');`
			`// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.`
			`// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.`
			`script.setAttribute('src', document.referrer + 'iframe_api.js');`
			`document.head.appendChild(script);`
Allow a website opened by script to use iframe_api 2021-06-28 15:55:30 +02:00			`</script>`
			`</head>`
			`<body>`
			`<p>Website opened by script.</p>`
			`<script>`
Add CHANGELOG and a map for test 2021-06-29 09:40:15 +02:00			`window.addEventListener('load', () => {`
			`WA.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');`
			`})`
Allow a website opened by script to use iframe_api 2021-06-28 15:55:30 +02:00			`</script>`
			`</body>`
			`</html>`