Security News
Node.js Moves Toward Stable TypeScript Support with Amaro 1.0
Amaro 1.0 lays the groundwork for stable TypeScript support in Node.js, bringing official .ts loading closer to reality.
By Sarah Gooding - Jun 10, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
snabbdom-iframe-domapi
Advanced tools
snabbdom-iframe-domapi 
Snabbdom allows you to provide alternative DOM implementations. This project provides a standard HTML DOM API along with iframe support, so that you can simply patch content inside of <iframe> elements. This allows one to do something like:
var vnode0 = document.createElement('iframe');
document.body.appendChild(vnode0);
var vnode1 = h('iframe', [
h('ul', [
h('li', 'Thing 1'),
h('li', 'Thing 2')
]),
h('span', 'Another thing.')
]);
patch(vnode0, vnode1);
patch(vnode1, h('iframe', [
h('ul', [
h('li', 'Thing 0'),
h('li', 'Thing 1'),
h('li', 'Thing 2')
])
]));
And the childNodes will be added/removed from the contentDocument.body of the iframe when the iframe is fully ready/loaded.
Usage
Default
The default implementation simply uses the current window's document to create elements. This implementation is accessible as the default export.
import domApi from 'snabbdom-iframe-domapi';
import snabbdom from 'snabbdom';
import snabbdomClass from 'snabbdom/modules/class';
import snabbdomProps from 'snabbdom/modules/props';
import snabbdomEventListeners from 'snabbdom/modules/eventlisteners';
let patch = snabbdom.init([
snabbdomClass,
snabbdomProps,
snabbdomEventListeners
], domApi);
Options
-
cleanYou can specify a
cleanoption to thecreateApifunction. This will cause the implementation to create a new, clean Document (untouched by any changes to window globals), and it will use this "clean" document to create elements. -
trustedTypesPolicyYou can pass a
TrustedTypePolicyto thecreateApifunction via thetrustedTypesPolicyoption. When thecleanoption is true, this will cause the "clean" document to use that passed policy as the default policy when setting any "injection sinks." See the Trusted Types documentation for more details.
To set options simply pass a hash of option values to the createApi function:
import { createApi } from 'snabbdom-iframe-domapi';
import snabbdom from 'snabbdom';
import snabbdomClass from 'snabbdom/modules/class';
import snabbdomProps from 'snabbdom/modules/props';
import snabbdomEventListeners from 'snabbdom/modules/eventlisteners';
const policy = window.trustedTypes.defaultPolicy;
const domApi = createApi({ clean: true, trustedTypesPolicy: policy });
const patch = snabbdom.init([
snabbdomClass,
snabbdomProps,
snabbdomEventListeners
], domApi);
FAQs
DOM API for Snabbdom with iframe support.
The npm package snabbdom-iframe-domapi receives a total of 143 weekly downloads. As such, snabbdom-iframe-domapi popularity was classified as not popular.
We found that snabbdom-iframe-domapi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Apr 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025