partey_workadventure/front/public/iframe.html

22 lines
836 B
HTML
Raw Normal View History

<!doctype html>
<html lang="en">
<head>
<script src="/iframe_api.js" ></script>
<script>
// Note: this is a huge XSS flow as we allow anyone to load a Javascript file in our domain.
// This file must ABSOLUTELY be removed from the Docker images/deployments and is only here
// for development purpose (because dynamically generated iframes are not working with
// webpack hot reload due to an issue with rights)
const urlParams = new URLSearchParams(window.location.search);
const scriptUrl = urlParams.get('script');
const script = document.createElement('script');
script.src = scriptUrl;
if (urlParams.get('moduleMode') === 'true') {
script.type = "module";
}
document.head.append(script);
</script>
</head>
</html>