Merge branch 'develop' of github.com:thecodingmachine/workadventure into scripting_api_room_metadata

2021-07-21 15:37:53 +02:00 · 2021-07-21 15:37:53 +02:00 · f435cecfdc
commit f435cecfdc
parent fe59b4512b 4f513fb1e0
22 changed files with 258 additions and 199 deletions
--- a/maps/tests/Metadata/customMenu.html
+++ b/maps/tests/Metadata/customMenu.html
@ -1,13 +1,20 @@
 <!doctype html>
 <html lang="en">
    <head>
-        <script src="http://play.workadventure.localhost/iframe_api.js"></script>
-    </head>
-    <body>
-    	<script>
-            WA.ui.registerMenuCommand("test", () => {
-                WA.chat.sendChatMessage("test clicked", "menu cmd")
+        <script>
+            var script = document.createElement('script');
+            // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
+            // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
+            script.setAttribute('src', document.referrer + 'iframe_api.js');
+            document.head.appendChild(script);
+            window.addEventListener('load', () => {
+                WA.ui.registerMenuCommand("test", () => {
+                    WA.chat.sendChatMessage("test clicked", "menu cmd")
+                })
            })
        </script>
+    </head>
+    <body>
+        <p>Add a custom menu</p>
    </body>
 </html>
--- a/maps/tests/Metadata/playerMove.html
+++ b/maps/tests/Metadata/playerMove.html
@ -1,12 +1,18 @@
 <!doctype html>
 <html lang="en">
    <head>
-        <script src="http://play.workadventure.localhost/iframe_api.js"></script>
+        <script>
+            var script = document.createElement('script');
+            // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
+            // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
+            script.setAttribute('src', document.referrer + 'iframe_api.js');
+            document.head.appendChild(script);
+            window.addEventListener('load', () => {
+                WA.player.onPlayerMove(console.log);
+            })
+        </script>
    </head>
    <body>
-    	<div id="playerMovement"></div>
-    	<script>
-    		WA.player.onPlayerMove(console.log);
-    	</script>
+        <p>Log in the console the movement of the current player in the zone of the iframe</p>
    </body>
 </html>
--- a/maps/tests/Metadata/setProperty.html
+++ b/maps/tests/Metadata/setProperty.html
@ -1,12 +1,19 @@
 <!doctype html>
 <html lang="en">
    <head>
-        <script src="http://play.workadventure.localhost/iframe_api.js"></script>
+        <script>
+            var script = document.createElement('script');
+            // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
+            // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
+            script.setAttribute('src', document.referrer + 'iframe_api.js');
+            document.head.appendChild(script);
+            window.addEventListener('load', () => {
+                WA.room.setProperty('iframeTest', 'openWebsite', 'https://www.wikipedia.org/');
+                WA.room.setProperty('metadata', 'openWebsite', 'https://www.wikipedia.org/');
+            })
+        </script>
    </head>
    <body>
-    	<script>
-    		WA.room.setProperty('iframeTest', 'openWebsite', 'https://www.wikipedia.org/');
-    		WA.room.setProperty('metadata', 'openWebsite', 'https://www.wikipedia.org/');
-    	</script>
+        <p>Change the url of this iframe and add the 'openWebsite' property to the red tile layer</p>
    </body>
 </html>
--- a/maps/tests/Metadata/showHideLayer.html
+++ b/maps/tests/Metadata/showHideLayer.html
@ -1,21 +1,27 @@
 <!doctype html>
 <html lang="en">
    <head>
-        <script src="http://play.workadventure.localhost/iframe_api.js"></script>
+        <script>
+            var script = document.createElement('script');
+            // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
+            // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
+            script.setAttribute('src', document.referrer + 'iframe_api.js');
+            document.head.appendChild(script);
+            window.addEventListener('load', () => {
+                document.getElementById('show/hideLayer').onclick = () => {
+                    if (document.getElementById('show/hideLayer').checked) {
+                        WA.room.showLayer('crystal');
+                    }
+                    else {
+                        WA.room.hideLayer('crystal');
+                    }
+                }
+            })
+        </script>
    </head>
    <body>
    	<div>
            <label for="show/hideLayer">Crysal Layer : </label><input type="checkbox" id="show/hideLayer" name="visible" value="show" checked>
        </div>
-    	<script>
-    		document.getElementById('show/hideLayer').onclick = () => {
-                if (document.getElementById('show/hideLayer').checked) {
-                    WA.room.showLayer('crystal');
-                }
-                else {
-                    WA.room.hideLayer('crystal');
-                }
-            }
-    	</script>
    </body>
 </html>