lbehm/workadventure
1
0
Fork 0
Code Issues Pull requests Releases Activity
workadventure/maps/tests/Variables
History
David Négrier 41fd848fa0 Fixed potential injection by switching map container to PHP 
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
2021-11-29 19:05:13 +01:00
..
Cache Adding end-to-end tests 2021-11-23 15:43:34 +01:00
script.js Adding support for "readableBy" and "writableBy" in back 2021-07-19 10:16:43 +02:00
shared_variables.json Fixed potential injection by switching map container to PHP 2021-11-29 19:05:13 +01:00
shared_variables.php Fixed potential injection by switching map container to PHP 2021-11-29 19:05:13 +01:00
variables.json Adding support for "readableBy" and "writableBy" in back 2021-07-19 10:16:43 +02:00