search

firasdib / Regex101

This repository is currently only used for issue tracking for www.regex101.com
3.2k stars 198 forks source link

Sharing Regex on my website (embed regex101.com) #2219

Open slhuilli1 opened 5 months ago

slhuilli1 commented 5 months ago

Feature

Hi, From my website, I share all I code for Joomla plugin. I use Regex101 for testing my regex. When my regex is OK, I integrate it into my code. But I write an article for explain to my community what I code. I'd like to share my regex work on my website (I write article for each Joomla plugin I write), so, like some website, I suggest you a code generator for embedding my work from regex101 to my webpages, like an iframe, with ad of your site for example I'd like like to share this "printscreen" image_2024-01-30_183342440

hediet commented 4 months ago

If the iframe would react to window.onmessage and send changes of the regexp back via parent.sendmessage, this would allow for some very nice embedding scenarios!

Since you are in control of the content of the iframe, you can still monetize the content, e.g. by showing subtle ads.

(I'm a VS Code engineer, currently exploring iframe based custom editors - this would be a super nice use-case)

firasdib commented 4 months ago

Right, I can see the value in this. I wonder if there are any security implications I'd have to consider?

slhuilli1 commented 4 months ago

My proposal is not to interact from the website but just to share the regex in read-only mode. A bit like Facebook does with sharing a publication

hediet commented 4 months ago

Right, I can see the value in this. I wonder if there are any security implications I'd have to consider?

The outer iframe cannot access any data/dom of the inner iframe, if they are on different domains. However, the outer iframe can send and listen to messages of the inner iframe.

You just have to be aware of clickjacking - when an embedder loads the iframe, the user is authenticated inside that iframe. I don't think this is a problem for regex101 though. Maybe there could be some https://regex101.com/embedded even, which would be the only page where the server sends X-Frame-Options: allow?

My proposal is not to interact from the website but just to share the regex in read-only mode. A bit like Facebook does with sharing a publication

Bidirectional editing would allow for some very interesting use-cases in code editors, such as VS Code.