The following HTML code demonstrates a problem with IE9:

<html>
<head>
<meta charset="utf-8">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<script src="jquery.js"></script>
</head>
<body>  
<script>
function setFrame() {
    alert("Setting srcDoc for testFrame");
    srcDoc.set(document.getElementById("testFrame"),
     '<html><head><meta charset=\'UTF-8\'></head><body>' + 
       String.fromCharCode(1601) + 
     '</body></html>');
}     
</script>
  <button onclick="setFrame()">Click me</button>
  Frame 1:<br>
 <iframe src="about:blank" id="testFrame">
 </iframe>
 <script src="polyfill.js"></script>
</body>
</html>

I expect to see the Arabic character "ف", but instead see mangled text output.

I can inject an alert into polyfill that shows the content it receives is proper UTF-8.

I am serving this from a basic nginx on linux.

The problem does not show up when browsing with Chrome/FF/IE10.

(I forced polyfill to use the 'legacy' path for those to be sure).

The same issue can be seen with what is effectively the result of this:

document.getElementById("testFrame").src = "javascript:{String.fromCharCode(1601);};";

For IE9, this produces the mangled text. For IE10, it is fine.

The UTF-8 bytes in the content present when I use "view source" on the iFrame appear to be 0x0041 0x0006 in Hex, which in fact is the reverse (and padded) value of the actual desired UTF8 of 0x06 0x41.

I can also inject HTML escaped items in Hex, ie: &#x0641. This works for IE9. But using the actual UTF-8 byte sequence, which is the case in many input files, does not. Therefore, a general solution may need to escape all multibyte input characters.

It seems that the polyfill is broken on Edge 17.
Here is my workaround. I was to lazy to fork and create a PR.

/**
 * just a Promise wrapper around addEventListener
 * @param {HTMLElement} emitter
 * @param {String} eventName
 * @return {Promise}
 */
function fromEvent(emitter, eventName){
  return new Promise(...)
}
/**
 * @param {HTMLIFrameElement} iframe
 * @param {String} html
 * @return {Promise}
 */
function setSrcdocForIframeWithHtml(iframe, html)
{
	iframe.setAttribute("srcdoc", html);

	if (isCompliant)
	{
		return fromEvent(iframe, 'load');
	}
	
	// In Edge 17 all of that does not work, though Edge 18 will probably support srcdoc
	const
		isBadEdge = /Edge\/17\.\d+/.test(navigator.userAgent);
	
	if (!isBadEdge)
	{
		var jsUrl = "javascript: window.frameElement.getAttribute('srcdoc');";
		iframe.setAttribute("src", jsUrl);
		// Explicitly set the iFrame's window.location for
		// compatibility with IE9, which does not react to changes in
		// the `src` attribute when it is a `javascript:` URL, for
		// some reason
		if (iframe.contentWindow)
		{
			iframe.contentWindow.location = jsUrl;
		}
		return fromEvent(iframe, 'load');
	}
	return fromEvent(iframe, 'load')
	.then(function onIframeFirstLoaded()
	{
		iframe.contentWindow._my_app_getSource = function() { return html; };
		iframe.contentWindow.location = "javascript: _my_app_getSource()";
		return fromEvent(iframe, 'load');
	});
});

srcdoc-polyfill cannot support ios line browser now.

Does have any plan to support it or I could provide a pull request if you want me do.

I am assuming this will not support angular or any other framework that would be dynamically generating HTML with iFrames as this assumes the iFrames to be present on instantiation.

This polyfill's fundamental mechanism is incompatible with the "sandbox" iframe attribute. Document this, and consider issuing an explicit warning describing the problem when it occurs.

included the polyfill js via <script> before </body>

<iframe srcdoc="This is a test">``</iframe>

Not showing anything

most recent IE11 version: 11.0.9600

Is there any way to create a srcdoc setter on the iframe prototype? So something like the following could be supported in IE

var iframe = document.createElement("iframe");
iframe.srcdoc = "<html><body>foo</body></html>"

instead of

var iframe = document.createElement("iframe");
srcDoc.set(iframe, "<html><body>foo</body></html>");

I couldn't figure it out but I have never attempted something like this before.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/defineProperty

Hey,

It seems the package is not published.

I'm getting "SCRIPT1015: Unterminated string constant" error when trying to process srcdoc longer than 4080 characters using Internet Explorer 9.

It seems that src/location in Internet Explorer is limited to 4094 characters (including the javascript: protocol).
Do you know any workaround for this issue?

I have a mean-stack website. I want to dynamically construct a variable that contains a valid html string, then render it in an iframe. After some research, I tried the following code: (JSBin)

    <html>
        <head>
            <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.5.7/angular.min.js"></script>
            <script src="https://cdn.rawgit.com/jugglinmike/srcdoc-polyfill/master/srcdoc-polyfill.min.js"></script>
        </head>
        <body ng-app="app" ng-controller="Ctrl">
            <iframe srcdoc="{{content | toTrusted}}"></iframe>
            <script>
                var app = angular.module('app', []);
                app.controller("Ctrl", ["$scope", function($scope) {
                    $scope.content = "<b>hello</b>";
                }])
                app.filter('toTrusted', ['$sce', function($sce) {
                    return function(text) {
                        return $sce.trustAsHtml(text);
                    };
                }]);
            </script>
        </body>
    </html>

It works fine in Chrome, whereas it does not work in IE (eg, IE 11), even though I use src-polyfill.

Does anyone have a solution?

Hi @jugglinmike
I used the polyfill to create custom VSTS task extension for TFS 2018 (which runs on the local server). The task also has one project which runs as build enhancer; it creates an iframe without allow-same-origin. I couldn't use the src tag because of limitation in the file being fetched as 'application/octet' type and downloaded instead of being loaded in the iframe.
Please guide me on how to ensure that srcdoc works in such a restricted environment.
Best Regards

i.e. <iframe sandbox="allow-scripts" srcdoc="<h1>hello</h1>></iframe>
both IE10 and IE11 won't work

https://github.com/jugglinmike/srcdoc-polyfill/blob/master/srcdoc-polyfill.js#L33
This is a bug it should look like this:

...
} else if (!options || options.force === false) {
...

Just think about it
The second check (!options || options.force !== false) does not make sense
The case should be triggered when there is some options passed in and the "force" property has "not falsy" value what is literally duplicate the first if branch

Kind of hard to make a good testcase for this one, because it seems a bit random when it occurs, but anyhow:

My company makes games for the internet, which in turn are included in different web pages, sometimes iframes, sometimes not, sometimes dynamically created, sometimes loaded via an URL, you get the picture.

Sometimes, not always, dynamically created iframes lose the document.domain inheritance on Edge. When this happens, window.frameElement.getAttribute('srcdoc'); gives SCRIPT5: Access Denied.

In the end I solved it by implementing the srcdoc functionality like this instead:

iframe.contentWindow.srcdoc = content;
iframe.src = 'javascript:window["srcdoc"]';

I have no idea why this is allowed and not window.frameElement but there you are.

I thought I'd open this issue (and I could provide a pull request if you want me to) in case you want to cover this edge-case as well. It's possibly rare, but real. It still works on all modern browsers AFAICT