Angular iframe

Angular iframe

Embedding external content into an Angular application can be achieved through the use of iframes, which are HTML elements that allow you to display content from another webpage within your own application. This can be useful for integrating third-party services, embedding videos, or displaying maps, among other purposes.

Embedding an Iframe in Angular

To embed an iframe in your Angular application, you can simply add the <iframe> tag to your template. However, there are a few important considerations to keep in mind:

  1. Security: Angular employs a security mechanism called DomSanitization to prevent malicious code from being injected into your application. This means you can't directly bind the src attribute of an iframe to an external URL.

  2. Sanitizing the URL: To safely embed an iframe, you'll need to sanitize the URL using the DomSanitizer service. This ensures that the URL is valid and doesn't contain any potentially harmful code.

Sanitizing the Iframe URL

Here's how to sanitize the iframe URL using the DomSanitizer service:

  1. Import the DomSanitizer service:
import { DomSanitizer } from '@angular/platform-browser';
  1. Inject the DomSanitizer service into your component class:
constructor(private domSanitizer: DomSanitizer) {}
  1. Use the bypassSecurityTrustResourceUrl method to sanitize the URL:
<iframe [src]="sanitizedUrl"></iframe>
  1. Create a function to sanitize the URL:
sanitizedUrl = this.domSanitizer.bypassSecurityTrustResourceUrl('https://external.com/iframe.html');

Alternative Approach: Using a Pipe

Alternatively, you can create a custom pipe to sanitize the iframe URL. This approach ensures that the URL is sanitized even if you bind it to a property using interpolation:

  1. Create a pipe class:
import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';

@Pipe({
  name: 'iframeUrl',
})
export class IframeUrlPipe implements PipeTransform {
  constructor(private domSanitizer: DomSanitizer) {}

  transform(url: string): string {
    return this.domSanitizer.bypassSecurityTrustResourceUrl(url);
  }
}
  1. Use the pipe in your template:
<iframe [src]="externalUrl | iframeUrl"></iframe>

Accessing Iframe Content

To interact with the content inside the iframe, you can use the WindowRef service. This service provides access to the window object of the iframe:

import { WindowRef } from '@angular/platform-browser';

constructor(private windowRef: WindowRef) {}

handleIframeEvent(): void {
  const iframeContent = this.windowRef.get().document.body.textContent;
  // Process the iframe content
}

Additional Considerations

  • Ensure that the iframe's src attribute is set on the element's creation, not dynamically. This is a security measure enforced by Angular's DomSanitizer.

  • Use the sandbox attribute to control the iframe's communication with the parent window. This can help protect against potential security vulnerabilities.

  • Be cautious when embedding third-party content, as you may be exposing your application to external code. Only embed content from trusted sources.


  • Date: