lbehm/workadventure
1
0
Fork 0
Code Issues Pull requests Releases Activity
3111 commits 21 branches 1 tag 50 MiB
Commit graph

5 commits

Author SHA1 Message Date
David Négrier 41fd848fa0 Fixed potential injection by switching map container to PHP 
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
 2021-11-29 19:05:13 +01:00
GRL a6ba8d41b9 implement show/hide layer with scripting 2021-05-10 11:19:18 +02:00
David Négrier 94317be1ae Improving test cases 
This PR improves test cases by adding a "index.html" webpage listing test maps
and by adding text in the map, explaining what needs to be tested.
 2021-04-17 21:31:09 +02:00
David Négrier 7d67f55012 Improving security: only iframes opened with "openWebsiteAllowApi" property are now able to send/receive messages. 2021-03-06 16:00:07 +01:00
David Négrier eb93a04341 Adding an API for inter-iframe communication 
Adds a first version of an API to communicate between an iFrame opened by WorkAdventure and WorkAdventure itself.
The first API method is a method allowing to add messages in the chat, from the iFrame.

Comes with a test file.
 2021-03-04 19:00:00 +01:00