...
If your application embeds content within an iframe and you have control over the content inside that iframe, you’ll need to adjust your approach. Instead of using BrightSign objects directly inside the iframe, you should send messages from the iframe to the parent window using the postMessage() method. The parent window, which contains the BrightSign objects, can then handle these messages and execute the necessary actions.
Here Below is an example in which the iframe sends a message to the parent window using window.parent.postMessage(). The parent window listens for messages using the message event listener, and upon receiving a message, it can interact with the BrightSign objects to perform the desired actions.
...
If your application loads public URLs within an iframe, avoid using BrightSign objects within the iframe. Public content can be unpredictable and potentially insecure. Using BrightSign objects in such scenarios could expose your application to vulnerabilities if the content is compromised or maliciously altered. To maintain security, it’s best to avoid Avoid embedding BrightSign objects in these cases .We strongly recommend using and instead use Node-style @brightsign objects whenever whenever possible. These objects align with modern JavaScript development practices, provide enhanced security, and let you maintain compatibility and security across different environments and Chromium versions.