partey_workadventure/maps/tests/Metadata/setTiles.html
David Négrier 41fd848fa0 Fixed potential injection by switching map container to PHP
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
2021-11-29 19:05:13 +01:00

28 lines
1.0 KiB
HTML

<!doctype html>
<html lang="en">
<head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script>
window.addEventListener('load', () => {
WA.room.setTiles([
{x: 0, y: 0, tile: 92, layer: 'setTiles'},
{x: 0, y: 2, tile: 'Red', layer: 'setTiles'},
{x: 0, y: 3, tile: 99, layer: 'setTiles'},
{x: 0, y: 5, tile: 117, layer: 'setTiles'},
{x: 0, y: 6, tile: 117, layer: 'setTiles'},
{x: 0, y: 9, tile: 74, layer: 'setTiles'}
]);
WA.room.setTiles([
{x: 6, y: 4, tile: 'blue', layer: 'setTiles'},
{x: 7, y: 4, tile: 109, layer: 'setTiles'},
{x: 8, y: 4, tile: 109, layer: 'setTiles'},
{x: 9, y: 4, tile: 'blue', layer: 'setTiles'}
]);
});
</script>
</head>
<body>
</body>
</html>