Fixed potential injection by switching map container to PHP

Some HTML files were importing iframe_api.js automatically by detecting the referrer document. While this was done in a safe way (the map container does not use cookies), it is not a best practice to load a script originating from document.referrer. This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
2021-11-29 19:05:13 +01:00 · 2021-11-29 19:05:13 +01:00 · 41fd848fa0
commit 41fd848fa0
parent 233c3d1abe
27 changed files with 167 additions and 204 deletions
--- a/maps/tests/iframe_api.json
+++ b/maps/tests/iframe_api.json
@ -20,7 +20,7 @@
         "width":10,
         "x":0,
         "y":0
-        }, 
+        },
        {
         "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
         "height":10,
@ -32,7 +32,7 @@
         "width":10,
         "x":0,
         "y":0
-        }, 
+        },
        {
         "data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 34, 34, 34, 34, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
         "height":10,
@ -43,8 +43,8 @@
                {
                 "name":"openWebsite",
                 "type":"string",
-                 "value":"iframe.html"
-                }, 
+                 "value":"iframe.php"
+                },
                {
                 "name":"openWebsiteAllowApi",
                 "type":"bool",
@ -55,7 +55,7 @@
         "width":10,
         "x":0,
         "y":0
-        }, 
+        },
        {
         "data":[0, 0, 93, 0, 104, 0, 0, 0, 0, 0, 0, 0, 104, 0, 115, 0, 0, 0, 93, 0, 0, 0, 115, 0, 0, 0, 93, 0, 104, 0, 0, 0, 0, 0, 0, 0, 104, 0, 115, 93, 0, 0, 0, 0, 0, 0, 115, 0, 0, 104, 0, 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
         "height":10,
@ -67,7 +67,7 @@
         "width":10,
         "x":0,
         "y":0
-        }, 
+        },
        {
         "draworder":"topdown",
         "id":3,
@ -121,4 +121,4 @@
 "type":"map",
 "version":1.4,
 "width":10
-}
+}