lbehm/workadventure
1
0
Fork 0
Code Issues Pull requests Releases Activity

Fixed potential injection by switching map container to PHP

Browse source 
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
This commit is contained in:
David Négrier 2021-11-29 19:05:13 +01:00
parent 233c3d1abe
commit 41fd848fa0
27 changed files with 167 additions and 204 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
deeployer.libsonnet
View file

@ -101,7 +101,10 @@
"host": { "host": {
"url": "maps-"+url "url": "maps-"+url
}, },
"ports": [80] "ports": [80],
"env": {
"FRONT_URL": "https://play-"+url
}
}, },
"redis": { "redis": {
"image": "redis:6", "image": "redis:6",

3
docker-compose.single-domain.yaml
View file

@ -92,11 +92,12 @@ services:
- "traefik.http.routers.pusher-ssl.service=pusher" - "traefik.http.routers.pusher-ssl.service=pusher"
maps: maps:
image: thecodingmachine/nodejs:12-apache image: thecodingmachine/php:8.1-v4-apache-node12
environment: environment:
DEBUG_MODE: "$DEBUG_MODE" DEBUG_MODE: "$DEBUG_MODE"
HOST: "0.0.0.0" HOST: "0.0.0.0"
NODE_ENV: development NODE_ENV: development
FRONT_URL: http://play.workadventure.localhost
#APACHE_DOCUMENT_ROOT: dist/ #APACHE_DOCUMENT_ROOT: dist/
#APACHE_EXTENSIONS: headers #APACHE_EXTENSIONS: headers
#APACHE_EXTENSION_HEADERS: 1 #APACHE_EXTENSION_HEADERS: 1

3
docker-compose.yaml
View file

@ -96,11 +96,12 @@ services:
- "traefik.http.routers.pusher-ssl.service=pusher" - "traefik.http.routers.pusher-ssl.service=pusher"
maps: maps:
image: thecodingmachine/nodejs:12-apache image: thecodingmachine/php:8.1-v4-apache-node12
environment: environment:
DEBUG_MODE: "$DEBUG_MODE" DEBUG_MODE: "$DEBUG_MODE"
HOST: "0.0.0.0" HOST: "0.0.0.0"
NODE_ENV: development NODE_ENV: development
FRONT_URL: http://play.workadventure.localhost
#APACHE_DOCUMENT_ROOT: dist/ #APACHE_DOCUMENT_ROOT: dist/
#APACHE_EXTENSIONS: headers #APACHE_EXTENSIONS: headers
#APACHE_EXTENSION_HEADERS: 1 #APACHE_EXTENSION_HEADERS: 1

10
maps/tests/EmbeddedWebsite/website_in_map_script.json
View file

@ -12,8 +12,8 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"website_in_map_script.html" "value":"website_in_map_script.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
"type":"bool", "type":"bool",
@ -24,7 +24,7 @@
"width":30, "width":30,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":30, "height":30,
@ -36,7 +36,7 @@
"width":30, "width":30,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"draworder":"topdown", "draworder":"topdown",
"id":3, "id":3,
@ -90,4 +90,4 @@
"type":"map", "type":"map",
"version":1.5, "version":1.5,
"width":30 "width":30
} }

6
maps/tests/EmbeddedWebsite/website_in_map_script.html → maps/tests/EmbeddedWebsite/website_in_map_script.php
View file

@ -1,12 +1,8 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script> <script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => { window.addEventListener('load', () => {
console.log('On load'); console.log('On load');
WA.onInit().then(() => { WA.onInit().then(() => {

18
maps/tests/Metadata/cowebsiteAllowApi.html
View file

@ -1,18 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => {
WA.chat.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
})
</script>
</head>
<body>
<p>Website opened by script.</p>
</body>
</html>

2
maps/tests/Metadata/cowebsiteAllowApi.js
View file

@ -1 +1 @@
WA.nav.openCoWebSite("cowebsiteAllowApi.html", true, ""); WA.nav.openCoWebSite("cowebsiteAllowApi.php", true, "");

14
maps/tests/Metadata/cowebsiteAllowApi.php Normal file
View file

@ -0,0 +1,14 @@
<!doctype html>
<html lang="en">
<head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script>
window.addEventListener('load', () => {
WA.chat.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
})
</script>
</head>
<body>
<p>Website opened by script.</p>
</body>
</html>

20
maps/tests/Metadata/customIframeMenuApi.html
View file

@ -1,20 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>API in iframe menu</title>
<script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => {
WA.chat.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
})
</script>
</head>
<body style="text-align: center">
<p style="color: whitesmoke">This is an iframe in a custom menu.</p>
</body>
</html>

16
maps/tests/Metadata/customIframeMenuApi.php Normal file
View file

@ -0,0 +1,16 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>API in iframe menu</title>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script>
window.addEventListener('load', () => {
WA.chat.sendChatMessage('The iframe opened by a script works !', 'Mr Robot');
})
</script>
</head>
<body style="text-align: center">
<p style="color: whitesmoke">This is an iframe in a custom menu.</p>
</body>
</html>

18
maps/tests/Metadata/customMenu.html
View file

@ -1,18 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => {
WA.ui.registerMenuCommand('test', 'customIframeMenu.html', {autoClose: true});
})
</script>
</head>
<body>
<p>Add a custom menu</p>
</body>
</html>

4
maps/tests/Metadata/customMenu.js
View file

@ -7,9 +7,9 @@ WA.ui.registerMenuCommand('custom callback menu', () => {
WA.ui.registerMenuCommand('custom iframe menu', {iframe: 'customIframeMenu.html'}); WA.ui.registerMenuCommand('custom iframe menu', {iframe: 'customIframeMenu.html'});
WA.room.onEnterZone('iframeMenu', () => { WA.room.onEnterZone('iframeMenu', () => {
menuIframeApi = WA.ui.registerMenuCommand('IFRAME USE API', {iframe: 'customIframeMenuApi.html', allowApi: true}); menuIframeApi = WA.ui.registerMenuCommand('IFRAME USE API', {iframe: 'customIframeMenuApi.php', allowApi: true});
}) })
WA.room.onLeaveZone('iframeMenu', () => { WA.room.onLeaveZone('iframeMenu', () => {
menuIframeApi.remove(); menuIframeApi.remove();
}) })

4
maps/tests/Metadata/customMenu.json
View file

@ -54,7 +54,7 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"customMenu.html" "value":"customMenu.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
@ -97,4 +97,4 @@
"type":"map", "type":"map",
"version":"1.6", "version":"1.6",
"width":10 "width":10
} }

14
maps/tests/Metadata/customMenu.php Normal file
View file

@ -0,0 +1,14 @@
<!doctype html>
<html lang="en">
<head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script>
window.addEventListener('load', () => {
WA.ui.registerMenuCommand('test', 'customIframeMenu.html', {autoClose: true});
})
</script>
</head>
<body>
<p>Add a custom menu</p>
</body>
</html>

18
maps/tests/Metadata/playerMove.html
View file

@ -1,18 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => {
WA.player.onPlayerMove(console.log);
})
</script>
</head>
<body>
<p>Log in the console the movement of the current player in the zone of the iframe</p>
</body>
</html>

42
maps/tests/Metadata/playerMove.json
View file

@ -13,7 +13,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[33, 34, 34, 34, 34, 34, 34, 34, 34, 35, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 49, 50, 50, 50, 50, 50, 50, 50, 50, 51], "data":[33, 34, 34, 34, 34, 34, 34, 34, 34, 35, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 49, 50, 50, 50, 50, 50, 50, 50, 50, 51],
"height":10, "height":10,
@ -25,7 +25,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -36,8 +36,8 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"playerMove.html" "value":"playerMove.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
"type":"bool", "type":"bool",
@ -48,7 +48,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"draworder":"topdown", "draworder":"topdown",
"id":5, "id":5,
@ -105,7 +105,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":1, "id":1,
"properties":[ "properties":[
@ -114,7 +114,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":2, "id":2,
"properties":[ "properties":[
@ -123,7 +123,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":3, "id":3,
"properties":[ "properties":[
@ -132,7 +132,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":4, "id":4,
"properties":[ "properties":[
@ -141,7 +141,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":8, "id":8,
"properties":[ "properties":[
@ -150,7 +150,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":9, "id":9,
"properties":[ "properties":[
@ -159,7 +159,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":10, "id":10,
"properties":[ "properties":[
@ -168,7 +168,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":11, "id":11,
"properties":[ "properties":[
@ -177,7 +177,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":12, "id":12,
"properties":[ "properties":[
@ -186,7 +186,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":16, "id":16,
"properties":[ "properties":[
@ -195,7 +195,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":17, "id":17,
"properties":[ "properties":[
@ -204,7 +204,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":18, "id":18,
"properties":[ "properties":[
@ -213,7 +213,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":19, "id":19,
"properties":[ "properties":[
@ -222,7 +222,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":20, "id":20,
"properties":[ "properties":[
@ -233,7 +233,7 @@
}] }]
}], }],
"tilewidth":32 "tilewidth":32
}, },
{ {
"columns":8, "columns":8,
"firstgid":65, "firstgid":65,
@ -251,4 +251,4 @@
"type":"map", "type":"map",
"version":1.4, "version":1.4,
"width":10 "width":10
} }

14
maps/tests/Metadata/playerMove.php Normal file
View file

@ -0,0 +1,14 @@
<!doctype html>
<html lang="en">
<head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script>
window.addEventListener('load', () => {
WA.player.onPlayerMove(console.log);
})
</script>
</head>
<body>
<p>Log in the console the movement of the current player in the zone of the iframe</p>
</body>
</html>

44
maps/tests/Metadata/setProperty.json
View file

@ -13,7 +13,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[33, 34, 34, 34, 34, 34, 34, 34, 34, 35, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 49, 50, 50, 50, 50, 50, 50, 50, 50, 51], "data":[33, 34, 34, 34, 34, 34, 34, 34, 34, 35, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 49, 50, 50, 50, 50, 50, 50, 50, 50, 51],
"height":10, "height":10,
@ -25,7 +25,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -36,8 +36,8 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"setProperty.html" "value":"setProperty.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
"type":"bool", "type":"bool",
@ -48,7 +48,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 101, 101, 101, 101, 101, 0, 0, 0, 0, 0, 101, 101, 101, 101, 101, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 101, 101, 101, 101, 101, 0, 0, 0, 0, 0, 101, 101, 101, 101, 101, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -60,7 +60,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"draworder":"topdown", "draworder":"topdown",
"id":5, "id":5,
@ -117,7 +117,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":1, "id":1,
"properties":[ "properties":[
@ -126,7 +126,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":2, "id":2,
"properties":[ "properties":[
@ -135,7 +135,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":3, "id":3,
"properties":[ "properties":[
@ -144,7 +144,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":4, "id":4,
"properties":[ "properties":[
@ -153,7 +153,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":8, "id":8,
"properties":[ "properties":[
@ -162,7 +162,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":9, "id":9,
"properties":[ "properties":[
@ -171,7 +171,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":10, "id":10,
"properties":[ "properties":[
@ -180,7 +180,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":11, "id":11,
"properties":[ "properties":[
@ -189,7 +189,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":12, "id":12,
"properties":[ "properties":[
@ -198,7 +198,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":16, "id":16,
"properties":[ "properties":[
@ -207,7 +207,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":17, "id":17,
"properties":[ "properties":[
@ -216,7 +216,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":18, "id":18,
"properties":[ "properties":[
@ -225,7 +225,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":19, "id":19,
"properties":[ "properties":[
@ -234,7 +234,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":20, "id":20,
"properties":[ "properties":[
@ -245,7 +245,7 @@
}] }]
}], }],
"tilewidth":32 "tilewidth":32
}, },
{ {
"columns":8, "columns":8,
"firstgid":65, "firstgid":65,
@ -263,4 +263,4 @@
"type":"map", "type":"map",
"version":1.4, "version":1.4,
"width":10 "width":10
} }

8
maps/tests/Metadata/setProperty.html → maps/tests/Metadata/setProperty.php
View file

@ -1,12 +1,8 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script> <script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => { window.addEventListener('load', () => {
WA.room.setProperty('iframeTest', 'openWebsite', 'https://www.wikipedia.org/'); WA.room.setProperty('iframeTest', 'openWebsite', 'https://www.wikipedia.org/');
WA.room.setProperty('metadata', 'openWebsite', 'https://www.wikipedia.org/'); WA.room.setProperty('metadata', 'openWebsite', 'https://www.wikipedia.org/');
@ -16,4 +12,4 @@
<body> <body>
<p>Change the url of this iframe and add the 'openWebsite' property to the red tile layer</p> <p>Change the url of this iframe and add the 'openWebsite' property to the red tile layer</p>
</body> </body>
</html> </html>

6
maps/tests/Metadata/setTiles.html
View file

@ -1,12 +1,8 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script> <script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => { window.addEventListener('load', () => {
WA.room.setTiles([ WA.room.setTiles([

2
maps/tests/Metadata/setTiles.json
View file

@ -43,7 +43,7 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"setTiles.html" "value":"setTiles.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",

8
maps/tests/Metadata/showHideLayer.html
View file

@ -1,12 +1,8 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script> <script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => { window.addEventListener('load', () => {
document.getElementById('show/hideLayer').onclick = () => { document.getElementById('show/hideLayer').onclick = () => {
if (document.getElementById('show/hideLayer').checked) { if (document.getElementById('show/hideLayer').checked) {
@ -24,4 +20,4 @@
<label for="show/hideLayer">Crysal Layer : </label><input type="checkbox" id="show/hideLayer" name="visible" value="show" checked> <label for="show/hideLayer">Crysal Layer : </label><input type="checkbox" id="show/hideLayer" name="visible" value="show" checked>
</div> </div>
</body> </body>
</html> </html>

44
maps/tests/Metadata/showHideLayer.json
View file

@ -13,7 +13,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[33, 34, 34, 34, 34, 34, 34, 34, 34, 35, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 49, 50, 50, 50, 50, 50, 50, 50, 50, 51], "data":[33, 34, 34, 34, 34, 34, 34, 34, 34, 35, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 41, 42, 42, 42, 42, 42, 42, 42, 42, 43, 49, 50, 50, 50, 50, 50, 50, 50, 50, 51],
"height":10, "height":10,
@ -25,7 +25,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[22, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 22, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[22, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 22, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -37,7 +37,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -48,8 +48,8 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"showHideLayer.html" "value":"showHideLayer.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
"type":"bool", "type":"bool",
@ -60,7 +60,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"draworder":"topdown", "draworder":"topdown",
"id":5, "id":5,
@ -117,7 +117,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":1, "id":1,
"properties":[ "properties":[
@ -126,7 +126,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":2, "id":2,
"properties":[ "properties":[
@ -135,7 +135,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":3, "id":3,
"properties":[ "properties":[
@ -144,7 +144,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":4, "id":4,
"properties":[ "properties":[
@ -153,7 +153,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":8, "id":8,
"properties":[ "properties":[
@ -162,7 +162,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":9, "id":9,
"properties":[ "properties":[
@ -171,7 +171,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":10, "id":10,
"properties":[ "properties":[
@ -180,7 +180,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":11, "id":11,
"properties":[ "properties":[
@ -189,7 +189,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":12, "id":12,
"properties":[ "properties":[
@ -198,7 +198,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":16, "id":16,
"properties":[ "properties":[
@ -207,7 +207,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":17, "id":17,
"properties":[ "properties":[
@ -216,7 +216,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":18, "id":18,
"properties":[ "properties":[
@ -225,7 +225,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":19, "id":19,
"properties":[ "properties":[
@ -234,7 +234,7 @@
"type":"bool", "type":"bool",
"value":true "value":true
}] }]
}, },
{ {
"id":20, "id":20,
"properties":[ "properties":[
@ -245,7 +245,7 @@
}] }]
}], }],
"tilewidth":32 "tilewidth":32
}, },
{ {
"columns":8, "columns":8,
"firstgid":65, "firstgid":65,
@ -263,4 +263,4 @@
"type":"map", "type":"map",
"version":1.4, "version":1.4,
"width":10 "width":10
} }

20
maps/tests/Variables/shared_variables.json
View file

@ -12,8 +12,8 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"shared_variables.html" "value":"shared_variables.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
"type":"bool", "type":"bool",
@ -24,7 +24,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -36,7 +36,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"draworder":"topdown", "draworder":"topdown",
"id":3, "id":3,
@ -59,7 +59,7 @@
"width":252.4375, "width":252.4375,
"x":2.78125, "x":2.78125,
"y":2.5 "y":2.5
}, },
{ {
"height":0, "height":0,
"id":5, "id":5,
@ -70,22 +70,22 @@
"name":"default", "name":"default",
"type":"string", "type":"string",
"value":"default value" "value":"default value"
}, },
{ {
"name":"jsonSchema", "name":"jsonSchema",
"type":"string", "type":"string",
"value":"{}" "value":"{}"
}, },
{ {
"name":"persist", "name":"persist",
"type":"bool", "type":"bool",
"value":true "value":true
}, },
{ {
"name":"readableBy", "name":"readableBy",
"type":"string", "type":"string",
"value":"" "value":""
}, },
{ {
"name":"writableBy", "name":"writableBy",
"type":"string", "type":"string",
@ -128,4 +128,4 @@
"type":"map", "type":"map",
"version":1.5, "version":1.5,
"width":10 "width":10
} }

6
maps/tests/Variables/shared_variables.html → maps/tests/Variables/shared_variables.php
View file

@ -1,12 +1,8 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
<script> <script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
window.addEventListener('load', () => { window.addEventListener('load', () => {
console.log('On load'); console.log('On load');
WA.onInit().then(() => { WA.onInit().then(() => {

8
maps/tests/iframe.html → maps/tests/iframe.php
View file

@ -1,13 +1,7 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script> <script src="<?php echo $_SERVER["FRONT_URL"] ?>/iframe_api.js"></script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
</script>
</head> </head>
<body> <body>
<button id="sendchat">Send chat message</button> <button id="sendchat">Send chat message</button>

14
maps/tests/iframe_api.json
View file

@ -20,7 +20,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -32,7 +32,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -43,8 +43,8 @@
{ {
"name":"openWebsite", "name":"openWebsite",
"type":"string", "type":"string",
"value":"iframe.html" "value":"iframe.php"
}, },
{ {
"name":"openWebsiteAllowApi", "name":"openWebsiteAllowApi",
"type":"bool", "type":"bool",
@ -55,7 +55,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"data":[0, 0, 93, 0, 104, 0, 0, 0, 0, 0, 0, 0, 104, 0, 115, 0, 0, 0, 93, 0, 0, 0, 115, 0, 0, 0, 93, 0, 104, 0, 0, 0, 0, 0, 0, 0, 104, 0, 115, 93, 0, 0, 0, 0, 0, 0, 115, 0, 0, 104, 0, 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], "data":[0, 0, 93, 0, 104, 0, 0, 0, 0, 0, 0, 0, 104, 0, 115, 0, 0, 0, 93, 0, 0, 0, 115, 0, 0, 0, 93, 0, 104, 0, 0, 0, 0, 0, 0, 0, 104, 0, 115, 93, 0, 0, 0, 0, 0, 0, 115, 0, 0, 104, 0, 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
"height":10, "height":10,
@ -67,7 +67,7 @@
"width":10, "width":10,
"x":0, "x":0,
"y":0 "y":0
}, },
{ {
"draworder":"topdown", "draworder":"topdown",
"id":3, "id":3,
@ -121,4 +121,4 @@
"type":"map", "type":"map",
"version":1.4, "version":1.4,
"width":10 "width":10
} }