Readme

BlazorFrame

Name: BlazorFrame
Author: BlazorFrame

A Blazor component that provides an enhanced iframe wrapper with automatic resizing, cross-frame communication, and seamless JavaScript interop with built-in security features.

Features

Security-First Design - Origin validation, message filtering, and comprehensive security options
Responsive - Dynamically resizes iframe based on content height (can be enabled/disabled)
Cross-Frame Messaging - Built-in support for postMessage communication with validation
Event Callbacks - OnLoad, OnMessage, and security event handling
Flexible Styling - Customizable width, height, and additional attributes
JavaScript Interop - Seamless integration with Blazor's JS interop
Scrolling Control - Enable or disable scrolling within the iframe wrapper
Disposal Pattern - Proper cleanup of resources and event listeners

Installation

Install the package via NuGet Package Manager:

dotnet add package BlazorFrame

Or via Package Manager Console:

Install-Package BlazorFrame

Quick Start (Secure by Default)

@using BlazorFrame

<BlazorFrame Src="https://example.com" />

The component automatically derives allowed origins from the Src URL for secure messaging.

Usage Examples

Basic Usage with Event Handling

@using BlazorFrame
@using BlazorFrame.Models

<BlazorFrame Src="@iframeUrl"
            Width="100%"
            Height="400px"
            EnableAutoResize="true"
            EnableScroll="false"
            OnLoad="HandleIframeLoad"
            OnValidatedMessage="HandleValidatedMessage"
            OnSecurityViolation="HandleSecurityViolation"
            class="my-custom-iframe" />

@code {
    private string iframeUrl = "https://example.com";

    private Task HandleIframeLoad()
    {
        Console.WriteLine("Iframe loaded successfully!");
        return Task.CompletedTask;
    }

    private Task HandleValidatedMessage(IframeMessage message)
    {
        Console.WriteLine($"Secure message from {message.Origin}: {message.Data}");
        return Task.CompletedTask;
    }

    private Task HandleSecurityViolation(IframeMessage violation)
    {
        Console.WriteLine($"Security violation: {violation.ValidationError}");
        return Task.CompletedTask;
    }
}

Parameter	Type	Default	Description
`Src`	`string`	`""`	The URL to load in the iframe
`Width`	`string`	`"100%"`	The width of the iframe
`Height`	`string`	`"600px"`	The initial height of the iframe
`EnableAutoResize`	`bool`	`true`	Whether to automatically resize the iframe based on content height
`EnableScroll`	`bool`	`false`	Whether to enable scrolling within the iframe wrapper
`AllowedOrigins`	`List<string>?`	`null`	Explicit list of allowed origins. If null, auto-derives from Src
`SecurityOptions`	`MessageSecurityOptions`	`new()`	Security configuration options
`OnLoad`	`EventCallback`	-	Callback fired when the iframe loads
`OnMessage`	`EventCallback<string>`	-	Callback fired when receiving valid postMessage (legacy)
`OnValidatedMessage`	`EventCallback<IframeMessage>`	-	Callback fired with full message validation details
`OnSecurityViolation`	`EventCallback<IframeMessage>`	-	Callback fired when security violations occur
`AdditionalAttributes`	`Dictionary<string, object>`	-	Additional HTML attributes to apply

Tim-Maes/BlazorFramev1.2.2

Get Started

Readme

BlazorFrame

Features

Installation

Quick Start (Secure by Default)

Usage Examples

Basic Usage with Event Handling

Advanced Security Configuration

Parameters

Security Features

Origin Validation

Message Validation

Validated Message Model

Security Event Handling

Automatic Resizing

Cross-Frame Communication

Sending Messages from Iframe (Secure)

Special Resize Messages

Receiving Validated Messages

Styling and CSS

Examples

Loading Different Content Types

Multi-Domain Setup

High-Security Configuration

Responsive Design

Disabling Auto-Resize for Fixed Height

Custom Styling and Attributes

Best Practices

Requirements

Browser Support

License

Support

Version History

v1.1.0

v1.0.1