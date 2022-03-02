I am writing down a handy article on iframe which will help you -

To this day, there are eight attributes we can use to customize the behaviour or styling of an iframe.

src=“https://google.com/”

srcdoc=“

Some html

height=“100px”

width=“100px”

name=“my-iframe”

allow=“fullscreen”

referrerpolicy=“no-referrer”

sandbox=“allow-same-origin”

You may find more than the ones listed above, but keep in mind that they are not supported in HTML5 anymore: align, frameborder, longdesc, marginheight, marginwidth and scrolling.

Note: By default, the iframe element has a border around it. To remove it, you can use the style attribute to set the border CSS property to none.

From the parent to the iframe

Send the message from the parent element:

const myiframe = document.getElementById(‘myIframe’) myIframe.contentWindow.postMessage(‘message’, ‘*’);

And listen to it in the iframe:

window.onmessage = function(event){ if (event.data == ‘message’) { console(‘Message received!’); } };

From the iframe to the parent

Send the message from the iframe:

window.top.postMessage(‘reply’, ‘*’)

And listen to it in the parent:

window.onmessage = function(event){ if (event.data == ‘reply’) { console(‘Reply received!’); } };

Note : Keep in mind that you can end up in some tricky situations when you need to debug something as messages are fire-and-forget (i.e., there is no real error handling). Basically on depending this type of iframe and related things I have developed erp implementation plan and related things.

Here is the complete list of sandboxing flags and their purposes:

Flag Details allow-forms Allows form submission. allow-modals Allows the resource to open new modal windows. allow-orientation-lock Allows the resource to lock the screen orientation. allow-pointer-lock Allows the resource to use the Pointer Lock API. allow-popups Allows the resource to open new popups or tabs. allow-popups-to-escape-sandbox Allows the resource to open new windows that will not inherit the sandboxing. allow-presentation Allows the resource to start a presentation session. allow-same-origin Allows the resource to maintain its origin. allow-scripts Allows the resource to run scripts. allow-top-navigation Allows the resource to navigate the top-level browsing context. allow-top-navigation-by-user-activation Allows the resource to navigate the top-level browsing context, but only if initiated by a user gesture.

It is up to you to define which privileges you can grant to each iframe.

For instance, if your iframe only needs to submit forms and to open new modal windows, here is how you will configure the sandbox attribute:

For a situation when the sandbox attribute is configured, and one feature is not working correctly within the resource, it might be because it lacks a specific flag.

Make sure you know more about them to debug things quickly.

Also, keep in mind that using an empty sandbox attribute will fully sandbox the iframe.

This means that the JavaScript inside the iframe will not be executed, and all the privileges listed above will be restricted (like creating new windows or loading a plugin).

The empty sandbox attribute is mostly using for static content but will drastically reduce the capability required for other resources to work properly.

Note : The sandbox attribute is unsupported in Internet Explorer 9 and earlier.

The allow attribute

This allow attribute is currently experimental and only supported by Chromium-based browsers. It lets you allow whitelist specific features like letting the iframe access to the accelerometer, the battery information, or the camera.

Reload the content of an iframe

Easy peasy lemon squeezy! As you can access the window element of the iframe with contentWindow , you have to do this:

// Get the iframe const iframe = document.getElementById(‘myIframe’); // Reload the iframe iframe.contentWindow.location.reload();

Hope this article will help you proeprly.