stuff.js - npm explorer

stuff.js

v0.4.1

A smart sandboxed programmable iframe.

0/weekUpdated 3 years ago

Published by amasad

npm install stuff.js

Repository Homepage npm

Stuff.js
--------

A secure and easy way to run arbitrary HTML / JS / CSS code in an iframe.

Stuff.js is a client-side JS library that is meant to be loaded from different origins to restrict access from the iframe to it's parent(s). Read more.

Node is only required for testing and developlment and is only used as a static server. Feel free to use your web server of choice.

Run the example

``node dist/example/server.js`

Navigate browser to http://localhost:8080/example

`Running Tests`

`node server.js`

Navigate browser to http://localhost:8080/test/tests.html

`Building`

An up-to-date pre-built version can be found in the distfolder. To build:

`node build.js`

`Usage`

Place the secure folder on a different origin you intend to use stuff.js. Origin could mean different protocol, port, and or domain name.

`javascript

stuff(secureUrl, function (context) { context.load('stuff'); });`

`API`

`$3`

The main constructor function that loads the secure iframe from urland callscbwith the context (see below). Optionally, you can pass in an options object as the second argument and can contain any of the following:

* elan element to append the iframe to. Defaults to the body. *sandbox You can pass in a space delimited string of the HTML5 sandbox flags or simply trueto add the attribute with the minimum flags needed to function: *allow-scriptsneeded for the iframe to function. *allow-same-origin needed for basic interactions with the iframe.

`$3`

Clears all stuff iframe instances from the page.

`$3`

The execution context for the code. It is the class that wraps the secure iframe.

`$3`

Writes htmlCode to the iframe document and calls cb when the load event fires.

`$3`

Executes arbitrary javascript jsCode in the context. Calls cbwith the error (null if no error) and the result.

`$3`

Gets the current iframe document html.

`$3`

Is just the iframe element available for DOM manipulation. Note that if you move the iframe, it has to reload and will lose all code and state.

`$3`

Sometimes you may find yourself wanting to communicate back to the outside world from inside the execution context.

#### window.parent.stuffEmit(event, data)

Emit an event to the conetxt. See Context#on to listen on this.

#### window.parent.stuffOn(event, data)

Listen to event sent by context.emit.

#### Context#emit(event, data)

Emit events that can be listened on via window.parent.stuffOn.

#### Context#on(event, cb(data))

Listen on custom events.

#### Context#off(event, [cb])

Remove callback cb` if specified. Otherwise nuke all listeners.

Browser support

Tested on:

* Latest Chrome and Firefox.
* Opera 12+
* IE9 and IE10
* Safari 6

License

MIT License.
Copyright (c) 2012 Amjad Masad <amjad@codecademy.com> Ryzac, Inc.