
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
floating-iframe-popup
Advanced tools
一个高颜值、可拖拽按钮控制的 iframe 弹窗插件。支持消息通信、图片预览、全屏、刷新、在新窗口打开等丰富功能,适配多种引入方式,易于集成和二次开发。
npm install floating-iframe-popup
或直接下载 dist 目录下的 UMD 文件用于浏览器。
import FloatingIframePopup from 'floating-iframe-popup';
const popup = new FloatingIframePopup({
iframeSrc: 'https://example.com',
title: '演示弹窗',
buttonOptions: {
content: '打开'
}
});
const FloatingIframePopup = require('floating-iframe-popup');
const popup = new FloatingIframePopup({
iframeSrc: 'https://example.com',
title: '演示弹窗'
});
<script src="dist/floating-iframe-popup.umd.min.js"></script>
<script>
const popup = new FloatingIframePopup({
iframeSrc: 'https://example.com',
title: '演示弹窗',
buttonOptions: {
content: '打开'
}
});
</script>
参数 | 类型 | 默认值 | 说明 |
---|---|---|---|
iframeSrc | String | '' | iframe 加载的 URL |
title | String | '弹出窗口' | 弹窗标题 |
buttonOptions | Object | { content: '入口', position: { bottom: 20, right: 20 } } | 按钮内容、样式、位置等 |
popupSize | Object | { width: '80%', height: '80%', maxWidth: '800px', maxHeight: '600px' } | 弹窗尺寸 |
messageOptions | Object | { targetOrigin: '*', onMessage: null } | 消息通信配置 |
content
按钮显示内容(文本或 HTML)activeContent
激活状态内容styles
自定义按钮样式(对象)position
按钮初始位置,如 { bottom: 20, right: 20 }
width
弹窗宽度(如 '80%' 或 '600px')height
弹窗高度maxWidth
最大宽度maxHeight
最大高度targetOrigin
postMessage 目标源onMessage
接收 iframe 消息的回调showPopup()
显示弹窗hidePopup()
隐藏弹窗togglePopup()
切换弹窗显示/隐藏updateIframeSrc(url)
更新 iframe 地址updateTitle(title)
更新弹窗标题updatePopupSize(size)
更新弹窗尺寸refreshIframe()
刷新 iframeopenInNewWindow()
在新窗口打开 iframe 页面toggleFullscreen()
切换全屏destroy()
销毁实例,移除所有元素和事件iframe 与父页面消息通信
支持通过 window.postMessage
与 iframe 通信,详见 messageOptions.onMessage
。
图片预览
iframe 内图片可通过 postMessage 触发父页面图片预览,支持缩放、拖拽、重置。
自定义样式
可通过 buttonOptions.styles
或覆盖 .floating-iframe-popup
相关 CSS 类自定义样式。
详见 example/
目录,或运行:
npm install
npm run build
npx http-server
# 浏览器访问 http://localhost:8080/example/
MIT
如需更详细的开发、构建、发布说明,请参考 INSTALL.md。
如需二次开发或定制,建议阅读源码注释,结构清晰易扩展。
如需进一步补充或有特殊定制需求,请告知!
FAQs
一个可拖拽按钮控制的 iframe 弹窗插件
We found that floating-iframe-popup demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.