
Security News
libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden
Libxml2’s solo maintainer drops embargoed security fixes, highlighting the burden on unpaid volunteers who keep critical open source software secure.
snabbdom-iframe-domapi
Advanced tools
Snabbdom allows you to provide alternative DOM implementations. This project provides a standard HTML DOM API along with iframe support, so that you can simply patch content inside of <iframe>
elements. This allows one to do something like:
var vnode0 = document.createElement('iframe');
document.body.appendChild(vnode0);
var vnode1 = h('iframe', [
h('ul', [
h('li', 'Thing 1'),
h('li', 'Thing 2')
]),
h('span', 'Another thing.')
]);
patch(vnode0, vnode1);
patch(vnode1, h('iframe', [
h('ul', [
h('li', 'Thing 0'),
h('li', 'Thing 1'),
h('li', 'Thing 2')
])
]));
And the childNodes will be added/removed from the contentDocument.body
of the iframe when the iframe is fully ready/loaded.
The default implementation simply uses the current window's document
to create elements. This implementation is accessible as the default export.
import domApi from 'snabbdom-iframe-domapi';
import snabbdom from 'snabbdom';
import snabbdomClass from 'snabbdom/modules/class';
import snabbdomProps from 'snabbdom/modules/props';
import snabbdomEventListeners from 'snabbdom/modules/eventlisteners';
let patch = snabbdom.init([
snabbdomClass,
snabbdomProps,
snabbdomEventListeners
], domApi);
clean
You can specify a clean
option to the createApi
function. This will cause the implementation to create a new, clean Document (untouched by any changes to window globals), and it will use this "clean" document to create elements.
trustedTypesPolicy
You can pass a TrustedTypePolicy
to the createApi
function via the trustedTypesPolicy
option. When the clean
option is true, this will cause the "clean" document to use that passed policy as the default policy when setting any "injection sinks." See the Trusted Types documentation for more details.
To set options simply pass a hash of option values to the createApi
function:
import { createApi } from 'snabbdom-iframe-domapi';
import snabbdom from 'snabbdom';
import snabbdomClass from 'snabbdom/modules/class';
import snabbdomProps from 'snabbdom/modules/props';
import snabbdomEventListeners from 'snabbdom/modules/eventlisteners';
const policy = window.trustedTypes.defaultPolicy;
const domApi = createApi({ clean: true, trustedTypesPolicy: policy });
const patch = snabbdom.init([
snabbdomClass,
snabbdomProps,
snabbdomEventListeners
], domApi);
FAQs
DOM API for Snabbdom with iframe support.
The npm package snabbdom-iframe-domapi receives a total of 140 weekly downloads. As such, snabbdom-iframe-domapi popularity was classified as not popular.
We found that snabbdom-iframe-domapi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Libxml2’s solo maintainer drops embargoed security fixes, highlighting the burden on unpaid volunteers who keep critical open source software secure.
Research
Security News
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
Research
Security News
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.