Skip to content
Cross domain components
Branch: master
Clone or download
Latest commit 137eab8 May 13, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
demo Remove parent template from renderto example Feb 14, 2019
dist Dist May 13, 2019
docs Update React example to use Component.driver syntax (#224) Apr 8, 2019
src Run child domain check before initializing child May 13, 2019
test Manually set up post-robot on component create Mar 8, 2019
.eslintignore Fix demos Jan 25, 2019
.eslintrc.js Add tests for embedded iframe cases Jan 25, 2019
.flowconfig Major overhaul Jan 10, 2019
.gitignore React v16 support (#122) Oct 3, 2017
.npmrc Do not save package.json on install Nov 7, 2018
.travis.yml Major overhaul Jan 10, 2019
AUTHORS.md Overhauled demos Sep 24, 2016
CONTRIBUTING.md Rename to zoid May 30, 2018
LICENSE.txt
README.md Major overhaul Jan 10, 2019
SECURITY.md Updated SECURITY.md to be more specific (#176) Aug 14, 2018
babel.config.js Major overhaul Jan 10, 2019
globals.js Manually set up post-robot on component create Mar 8, 2019
index.js Rename to zoid May 30, 2018
karma.conf.js Major overhaul Jan 10, 2019
package.json 9.0.25 May 13, 2019
publish.sh Upgrade post-robot Feb 5, 2019
webpack.config.js Upgrade post-robot Feb 5, 2019
zoid.png Rename to zoid May 30, 2018

README.md


A cross-domain component toolkit, supporting:

  • Render an iframe or popup on a different domain, and pass down props, including objects and functions
  • Call callbacks natively from the child window without worrying about post-messaging or cross-domain restrictions
  • Create and expose components to share functionality from your site to others!
  • Render your component directly as a React, Vue or Angular component!

It's 'data-down, actions up' style components, but 100% cross-domain using iframes and popups!


API Docs

Public options and methods supported by zoid

Demos

Working demos of different zoid patterns

Demo App

Forkable demo app with build, test, publishing and demos pre-configured.

Example

A full example of a cross-domain component using zoid


Quick example

Define a component to be put on both the parent and child pages:

var MyLoginComponent = zoid.create({

    tag: 'my-login-component',
    url: 'http://www.my-site.com/my-login-component'
});

Render the component on the parent page:

<div id="container"></div>

<script src="script-where-my-login-component-is-defined.js"></script>
<script>
    MyLoginComponent({

        prefilledEmail: 'foo@bar.com',

        onLogin: function(email) {
            console.log('User logged in with email:', email);
        }

    }).render('#container');
</script>

Implement the component in the iframe:

<input type="text" id="email" />
<input type="password" id="password" />
<button id="login">Log In</button>

<script src="script-where-my-login-component-is-defined.js"></script>
<script>
    var email = document.querySelector('#email');
    var password = document.querySelector('#password');
    var button = document.querySelector('#login');

    email.value = window.xprops.prefilledEmail;

    function validUser (email, password) {
      return email && password;
    }

    button.addEventListener('click', function() {
        if (validUser(email.value, password.value)) {
            window.xprops.onLogin(email.value);
        }
    });
</script>

Useful Links

Framework Specific

Rationale

Writing cross domain components is tricky.

Consider this: I own foo.com, you own bar.com, and I have some functionality I want to share on your page. I could just give you some javascript to load in your page. But then:

  • What if I've written a component in React, but you're using some other framework?
  • What if I have secure form fields, or secure data I don't want your site to spy on?
  • What if I need to make secure calls to my back-end, without resorting to CORS?

What about an iframe?

You could just use a vanilla iframe for all of this. But:

  • You have to pass data down in the url, or with a post-message.
  • You need to set up post-message listeners to get events back up from the child.
  • You need to deal with error cases, like if your iframe fails to load or doesn't respond to a post-message.
  • You need to think carefully about how to expose all this functionality behind a simple, clear interface.

zoid solves all of these problems.

  • You pass data and callbacks down as a javascript object
  • zoid renders the component and passes down the data
  • The child calls your callbacks when it's ready

It will even automatically generate React and Angular bindings, so people can drop-in your component anywhere and not worry about iframes or post-messages.

FAQ

  • Do I need to use a particular framework like React to use zoid?

    No, zoid is framework agnostic. You can:

    • Use it with vanilla javascript.
    • Use it with any framework of your choice.
    • Use it with React or Angular and take advantage of the automatic bindings on the parent page
  • Why write another ui / component library?

    This isn't designed to replace libraries like React, which are responsible for rendering same-domain components. In fact, the only real rendering zoid does is iframes and popups; the rest is up to you! You can build your components using any framework, library or pattern you want, then use zoid to expose your components cross-domain. It should play nicely with any other framework!

  • Aren't iframes really slow?

    Yes, but there are a few things to bear in mind here:

    • zoid isn't designed for building components for your own site. For that you should use native component libraries like React, which render quickly onto your page. Use zoid to share functionality with other sites, that you can't share native-javascript components with

    • zoid also provides mechanisms for pre-rendering html and css into iframes and popups, so you can at least render a loading spinner, or maybe something more advanced, while the new window loads its content.

  • I don't want to bother with popups, can I get zoid with just the iframe support?

    You can indeed. There's an zoid.frame.js and zoid.frame.min.js in the dist/ folder. There's a lot of magic that's needed to make popups work with IE, and that's all trimmed out.

  • Can I contribute?

    By all means! But please raise an issue first if it's more than a small change, to discuss the feasibility.

  • Is this different to react-frame-component?

    Yes. react-frame-component allows you to render html into a sandboxed iframe on the same domain. zoid is geared around sharing functionality from one domain to another, in a cross-domain iframe.

Browser Support

  • Internet Explorer 9+
  • Chrome 27+
  • Firefox 30+
  • Safari 5.1+
  • Opera 23+
You can’t perform that action at this time.