2021-08-27 10:34:03 +02:00
|
|
|
<!DOCTYPE html>
|
|
|
|
<html lang="en">
|
|
|
|
<head>
|
|
|
|
<meta charset="UTF-8">
|
|
|
|
<title>API in iframe menu</title>
|
|
|
|
<script>
|
|
|
|
var script = document.createElement('script');
|
|
|
|
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
|
|
|
|
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
|
|
|
|
script.setAttribute('src', document.referrer + 'iframe_api.js');
|
|
|
|
document.head.appendChild(script);
|
|
|
|
window.addEventListener('load', () => {
|
|
|
|
WA.chat.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
|
|
|
|
})
|
|
|
|
</script>
|
|
|
|
</head>
|
2021-08-27 14:49:57 +02:00
|
|
|
<body style="text-align: center">
|
|
|
|
<p style="color: whitesmoke">This is an iframe in a custom menu.</p>
|
2021-08-27 10:34:03 +02:00
|
|
|
</body>
|
|
|
|
</html>
|