partey_workadventure/maps/tests/Metadata/cowebsiteAllowApi.html
2021-06-28 16:13:38 +02:00

18 lines
703 B
HTML

<!doctype html>
<html lang="en">
<head>
<script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
</script>
</head>
<body>
<p>Website opened by script.</p>
<script>
WA.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
</script>
</body>
</html>