18 lines
735 B
HTML
18 lines
735 B
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<script src="/iframe_api.js" ></script>
|
|
<script>
|
|
// Note: this is a huge XSS flow as we allow anyone to load a Javascript file in our domain.
|
|
// This file must ABSOLUTELY be removed from the Docker images/deployments and is only here
|
|
// for development purpose (because dynamically generated iframes are not working with
|
|
// webpack hot reload due to an issue with rights)
|
|
const urlParams = new URLSearchParams(window.location.search);
|
|
const scriptUrl = urlParams.get('script');
|
|
const script = document.createElement('script');
|
|
script.src = scriptUrl;
|
|
document.head.append(script);
|
|
</script>
|
|
</head>
|
|
</html>
|