
Security News
Open Source CAI Framework Handles Pen Testing Tasks up to 3,600× Faster Than Humans
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
iframe-message-proxy
Advanced tools
This package is used for BLiP platform to handle communications between micro frontends, done by iframes throught postMessages
. Basically, we send a message and wait for response. It is possible because every message sended to parent window throught IframeMessageProxy
has a cached promise with an ID that is resolved when current window receive a message with the same ID. Jump to Usage section to more details.
npm i -S iframe-message-proxy
import { IframeMessageProxy } from 'iframe-message-proxy';
IframeMessageProxy.listen(); // Start listen for post messages
// Sending messages
IframeMessageProxy.sendMessage({
action: 'customAction',
content: 'Here is my awesome action',
});
sendMessage
method takes an object as param that accept these properties:
Property | Type | Required | Description |
---|---|---|---|
action | string | true | Action sended to parent iframe. By default, is prefixed by blipEvent: |
content | any | false | Actions can have optional contents added |
fireAndForget | boolean | false | Messages can have no response and be just a command to parent iframe |
caller | string | false | Every message has a caller . By default, is used child iframe name (passed as attribute on <iframe name="iframe-name">... ) but you can set a custom caller name too. |
By default, sendMessage
method will send a postMessage
to parent window and wait for some response, if has one.
// Child iframe
const action = await IframeMessageProxy.sendMessage({
action: 'customAction',
content: 'Here is my awesome action',
});
// Parent iframe
const iframe = document.getElementById('my-iframe').contentWindow; // Get iframe caller
// Handle received messages
const handleOnReceiveMessage = msgEvt: MessageEvent => {
/**
* Assuming that window can receive many postMessage events,
* there is a tip to filter only messages camed from our library
*/
const BLIP_EVENT_PREFIX = 'blipEvent:'
const shouldHandleMessage = msg =>
Object.keys(msg)
.find(k => k == 'action' && msg.action.startsWith(BLIP_EVENT_PREFIX));
if (!msgEvt.data || !message || !shouldHandleMessage(msgEvt.data.message)) {
return;
}
/**
* Every message has properties "message" and "trackingProperties".
* "trackingProperties" is used by Iframe Message Proxy to identify
* which promise will be resolved after send a postMessage, so
* if you want to send something back to caller, you have to pass
* trackingProperties received from child iframe.
*/
const { message, trackingProperties } = msgEvt.data;
iframe.postMessage({
response: 'Success!',
trackingProperties
}, '*')
}
window.addEventListener('message', handleOnReceiveMessage);
If you want to send an error message to child iframe, you may also add error
property to response object. In this way, the child iframe will reject the promise instead of resolve them.
try {
doSomethingWrong();
} catch (e) {
iframe.postMessage({
error: e.toString(),
trackingProperties
}, '*')
}
You can also configure defaults by config
method:
IframeMessageProxy.config({
prefix: 'customPrefix:',
eventCaller: 'jarvis',
})
prefix?: string caller?: string receiveWindow?: Window targetWindow?: Window shouldHandleMessage?: ((message: IIdentifiedMessage) => boolean)
Property | Type | Default | Description |
---|---|---|---|
prefix | string | blipEvent: | Action prefix |
caller | string | window.name | Caller name |
receiveWindow | Window | window | Window that will receive postMessages responses |
targetWindow | Window | window.parent | Window that we'll request something |
shouldHandleMessage | () => boolean | undefined | You can choose what message will be parsed or not by calling a function that takes a MessageEvent as argument. function(evt) { if (!evt.data) return false } |
FAQs
iframe-message-proxy
The npm package iframe-message-proxy receives a total of 98 weekly downloads. As such, iframe-message-proxy popularity was classified as not popular.
We found that iframe-message-proxy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.
Security News
CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.