├── .gitignore
├── test
    ├── test-1.html
    ├── styles.css
    ├── test-styles.html
    ├── index.html
    └── html-include-element_test.js
├── web-test-runner.config.js
├── package.json
├── CHANGELOG.md
├── html-include-element.js
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules/
2 | 


--------------------------------------------------------------------------------
/test/test-1.html:
--------------------------------------------------------------------------------
1 | <h1>TEST</h1>
2 | 


--------------------------------------------------------------------------------
/test/styles.css:
--------------------------------------------------------------------------------
1 | h1 {
2 |   color: red;
3 | }
4 | 


--------------------------------------------------------------------------------
/test/test-styles.html:
--------------------------------------------------------------------------------
1 | <link rel="stylesheet" href="./test/styles.css">
2 | <h1>TEST</h1>
3 | 


--------------------------------------------------------------------------------
/web-test-runner.config.js:
--------------------------------------------------------------------------------
1 | export default {
2 |   testFramework: {
3 |     config: {
4 |       ui: 'tdd',
5 |       timeout: '2000',
6 |     },
7 |   },
8 | };
9 | 


--------------------------------------------------------------------------------
/test/index.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html>
 3 |   <head>
 4 |     <script src="../node_modules/mocha/mocha.js"></script>
 5 |     <script src="../node_modules/chai/chai.js"></script>
 6 |     <script src="../node_modules/wct-mocha/wct-mocha.js"></script>
 7 |   </head>
 8 |   <body>
 9 |     <script type="module" src="./html-include-element_test.js"></script>
10 |   </body>
11 | </html>
12 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "html-include-element",
 3 |   "version": "0.3.0",
 4 |   "description": "Include HTML files into your page",
 5 |   "type": "module",
 6 |   "main": "html-include-element.js",
 7 |   "scripts": {
 8 |     "test": "wtr test/**/*_test.js --node-resolve"
 9 |   },
10 |   "author": "Justin Fagnani <justin@fagnani.com>",
11 |   "license": "Apache-2.0",
12 |   "repository": {
13 |     "type": "git",
14 |     "url": "https://github.com/justinfagnani/html-include-element.git"
15 |   },
16 |   "files": [
17 |     "html-include-element.js"
18 |   ],
19 |   "devDependencies": {
20 |     "@esm-bundle/chai": "^4.3.4-fix.0",
21 |     "@web/test-runner": "^0.13.27"
22 |   }
23 | }
24 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # Change Log
 2 | 
 3 | All notable changes to this project will be documented in this file.
 4 | 
 5 | The format is based on [Keep a Changelog](http://keepachangelog.com/)
 6 | and this project adheres to [Semantic Versioning](http://semver.org/).
 7 | 
 8 | <!--
 9 |    PRs should document their user-visible changes (if any) in the
10 |    Unreleased section, uncommenting the header as necessary.
11 | -->
12 | 
13 | ## Unreleased
14 | 
15 | <!-- ### Changed -->
16 | <!-- ### Added -->
17 | <!-- ### Removed -->
18 | <!-- ### Fixed -->
19 | 
20 | ## [0.3.0] - 2022-03-23
21 | 
22 | ### Added
23 | 
24 | * Added `delegates-focus` attribute: https://github.com/justinfagnani/html-include-element/pull/13
25 | 
26 | ### Fixed
27 | 
28 | * Fixed a bug with the `load` event: https://github.com/justinfagnani/html-include-element/pull/12
29 | 
30 | 
31 | ## [0.2.0] - 2020-02-21
32 | 
33 | ### Added
34 | * Defer firing the `load` event until all `<link>` elements in the shadow root are finished loading.
35 | ### Fixed
36 | * Preserve light DOM content when including into shadow DOM
37 | 
38 | ## [0.1.3] - 2019-05-01
39 | 
40 | ### Fixed
41 | 
42 | * Add `<slot>` to project content when using `no-shadow`
43 | 
44 | ## [0.1.2] - 2019-04-16
45 | 
46 | ### Fixed
47 | * Handle possible race condition when changing the `src` attribute.
48 | 
49 | ## [0.1.1] - 2019-04-16
50 | 
51 | ### Fixed
52 | * Add repository to package.json
53 | 
54 | ## [0.1.0] - 2019-04-16
55 | 
56 | ### Initial Release
57 | 


--------------------------------------------------------------------------------
/test/html-include-element_test.js:
--------------------------------------------------------------------------------
 1 | import {assert} from '@esm-bundle/chai';
 2 | 
 3 | import '../html-include-element.js';
 4 | 
 5 | suite('html-include-element', () => {
 6 | 
 7 |   let container;
 8 | 
 9 |   setup(() => {
10 |     container = document.createElement('div');
11 |     document.body.appendChild(container);
12 |   });
13 | 
14 |   teardown(() => {
15 |     document.body.removeChild(container);
16 |     container = undefined;
17 |   });
18 | 
19 |   test('includes some HTML', async () => {
20 |     container.innerHTML = `
21 |       <html-include src="./test/test-1.html"></html-include>
22 |     `;
23 |     const include = container.querySelector('html-include');
24 |     await new Promise((res) => {
25 |       include.addEventListener('load', () => res());
26 |     });
27 |     assert.equal(include.shadowRoot.children[0].tagName, 'STYLE');
28 |     assert.equal(include.shadowRoot.children[1].outerHTML, '<h1>TEST</h1>');
29 |   });
30 | 
31 |   test('includes some HTML in light DOM', async () => {
32 |     container.innerHTML = `
33 |       <html-include no-shadow src="./test/test-1.html"></html-include>
34 |     `;
35 |     const include = container.querySelector('html-include');
36 |     await new Promise((res) => {
37 |       include.addEventListener('load', () => res());
38 |     });
39 |     assert.equal(include.innerHTML.trim(), '<h1>TEST</h1>');
40 |   });
41 | 
42 |   test('preserves light DOM when including to shadow DOM', async () => {
43 |     container.innerHTML = `
44 |       <html-include src="./test/test-1.html">TEST</html-include>
45 |     `;
46 |     const include = container.querySelector('html-include');
47 |     await new Promise((res) => {
48 |       include.addEventListener('load', () => res());
49 |     });
50 |     assert.equal(include.innerHTML, 'TEST');
51 |   });
52 | 
53 |   test('waits for styles to load', async () => {
54 |     container.innerHTML = `
55 |       <html-include src="./test/test-styles.html">TEST</html-include>
56 |     `;
57 |     const include = container.querySelector('html-include');
58 |     await new Promise((res) => {
59 |       include.addEventListener('load', () => {
60 |         assert.isNotNull(include.shadowRoot.querySelector('link').sheet);
61 |         res();
62 |       });
63 |     });
64 |   });
65 | 
66 |   // TODO: tests for mode & changing src attribute
67 | 
68 | });
69 | 


--------------------------------------------------------------------------------
/html-include-element.js:
--------------------------------------------------------------------------------
  1 | const LINK_LOAD_SUPPORTED = 'onload' in HTMLLinkElement.prototype;
  2 | 
  3 | /**
  4 |  * Firefox may throw an error when accessing a not-yet-loaded cssRules property.
  5 |  * @param {HTMLLinkElement}
  6 |  * @return {boolean}
  7 |  */
  8 | function isLinkAlreadyLoaded(link) {
  9 |   try {
 10 |     return !!(link.sheet && link.sheet.cssRules);
 11 |   } catch (error) {
 12 |     if (error.name === 'InvalidAccessError' || error.name === 'SecurityError')
 13 |       return false;
 14 |     else
 15 |       throw error;
 16 |   }
 17 | }
 18 | 
 19 | /**
 20 |  * Resolves when a `<link>` element has loaded its resource.
 21 |  * Gracefully degrades for browsers that don't support the `load` event on links.
 22 |  * in which case, it immediately resolves, causing a FOUC, but displaying content.
 23 |  * resolves immediately if the stylesheet has already been loaded.
 24 |  * @param  {HTMLLinkElement} link
 25 |  * @return {Promise<StyleSheet>}
 26 |  */
 27 | async function linkLoaded(link) {
 28 |   return new Promise((resolve, reject) => {
 29 |     if (!LINK_LOAD_SUPPORTED) resolve();
 30 |     else if (isLinkAlreadyLoaded(link)) resolve(link.sheet);
 31 |     else {
 32 |       link.addEventListener('load', () => resolve(link.sheet), { once: true });
 33 |       link.addEventListener('error', reject, { once: true });
 34 |     }
 35 |   });
 36 | }
 37 | 
 38 | /**
 39 |  * Embeds HTML into a document.
 40 |  *
 41 |  * The HTML is fetched from the URL contained in the `src` attribute, using the
 42 |  * fetch() API. A 'load' event is fired when the HTML is updated.
 43 |  *
 44 |  * The request is made using CORS by default. This can be chaned with the `mode`
 45 |  * attribute.
 46 |  *
 47 |  * By default, the HTML is embedded into a shadow root. If the `no-shadow`
 48 |  * attribute is present, the HTML will be embedded into the child content.
 49 |  *
 50 |  */
 51 | export class HTMLIncludeElement extends HTMLElement {
 52 |   static get observedAttributes() {
 53 |     return ['src', 'mode', 'no-shadow'];
 54 |   }
 55 | 
 56 |   /**
 57 |    * The URL to fetch an HTML document from.
 58 |    *
 59 |    * Setting this property causes a fetch the HTML from the URL.
 60 |    */
 61 |   get src() {
 62 |     return this.getAttribute('src');
 63 |   }
 64 | 
 65 |   set src(value) {
 66 |     this.setAttribute('src', value);
 67 |   }
 68 | 
 69 |   /**
 70 |    * The fetch mode to use: "cors", "no-cors", or "same-origin".
 71 |    * See the fetch() documents for more information.
 72 |    *
 73 |    * Setting this property does not re-fetch the HTML.
 74 |    */
 75 |   get mode() {
 76 |     return this.getAttribute('mode');
 77 |   }
 78 | 
 79 |   set mode(value) {
 80 |     this.setAttribute('mode', value);
 81 |   }
 82 | 
 83 |   /**
 84 |    * If true, replaces the innerHTML of this element with the text response
 85 |    * fetch. Setting this property does not re-fetch the HTML.
 86 |    */
 87 |   get noShadow() {
 88 |     return this.hasAttribute('no-shadow');
 89 |   }
 90 | 
 91 |   set noShadow(value) {
 92 |     if (!!value) {
 93 |       this.setAttribute('no-shadow', '');
 94 |     } else {
 95 |       this.removeAttribute('no-shadow');
 96 |     }
 97 |   }
 98 | 
 99 |   constructor() {
100 |     super();
101 |     this.attachShadow({mode: 'open', delegatesFocus: this.hasAttribute('delegates-focus')});
102 |     this.shadowRoot.innerHTML = `
103 |       <style>
104 |         :host {
105 |           display: block;
106 |         }
107 |       </style>
108 |     `;
109 |   }
110 | 
111 |   async attributeChangedCallback(name, oldValue, newValue) {
112 |     if (name === 'src') {
113 |       let text = '';
114 |       try {
115 |         const mode = this.mode || 'cors';
116 |         const response = await fetch(newValue, {mode});
117 |         if (!response.ok) {
118 |           throw new Error(`html-include fetch failed: ${response.statusText}`);
119 |         }
120 |         text = await response.text();
121 |         if (this.src !== newValue) {
122 |           // the src attribute was changed before we got the response, so bail
123 |           return;
124 |         }
125 |       } catch(e) {
126 |         console.error(e);
127 |       }
128 |       // Don't destroy the light DOM if we're using shadow DOM, so that slotted content is respected
129 |       if (this.noShadow) this.innerHTML = text;
130 |       this.shadowRoot.innerHTML = `
131 |         <style>
132 |           :host {
133 |             display: block;
134 |           }
135 |         </style>
136 |         ${this.noShadow ? '<slot></slot>' : text}
137 |       `;
138 | 
139 |       // If we're not using shadow DOM, then the consuming root
140 |       // is responsible to load its own resources
141 |       if (!this.noShadow) {
142 |         await Promise.all([...this.shadowRoot.querySelectorAll('link')].map(linkLoaded));
143 |       }
144 | 
145 |       this.dispatchEvent(new Event('load'));
146 |     }
147 |   }
148 | }
149 | customElements.define('html-include', HTMLIncludeElement);
150 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # `<html-include>`
  2 | 
  3 | Easily include external HTML into your pages.
  4 | 
  5 | ## Overview
  6 | 
  7 | `<html-include>` is a web component that fetches HTML and includes it into your page.
  8 | 
  9 | ```html
 10 | <html-include src="./my-local-file.html"></html-include>
 11 | ```
 12 | 
 13 | `<html-include>` works with any framework, or no framework at all.
 14 | 
 15 | By default `<html-include>` renders the HTML in a shadow root, so it's isolated from the rest of the page. This can be configured with the `no-shadow` attribute.
 16 | 
 17 | ## Installation 
 18 | 
 19 | Install from npm:
 20 | 
 21 | ```bash
 22 | npm i html-include-element
 23 | ```
 24 | 
 25 | Or load from a CDN like unpkg.com: `https://unpkg.com/html-include-element`
 26 | 
 27 | ## Usage
 28 | 
 29 | `<html-include>` is distributed as standard JS modules, which are supported in all current major browsers.
 30 | 
 31 | You can load it into a page with a `<script>` tag:
 32 | 
 33 | ```html
 34 | <head>
 35 |   <script type="module" src='https://unpkg.com/html-include-element'></script>
 36 | </head>
 37 | <body>
 38 |   <html-include src="./my-local-file.html"></html-include>
 39 | </body>
 40 | ```
 41 | 
 42 | Or import into a JavaScript module:
 43 | 
 44 | ```js
 45 | import {HTMLIncludeElement} from 'html-include-element';
 46 | ```
 47 | 
 48 | `<html-include>` fires a `load` even when the included file has been loaded. When including into shadow DOM (the default behavior) the `load` event is fired after any `<link>` elements in the included file have loaded as well.
 49 | 
 50 | This allows you to hide the `<html-include>` element and show it after the `load` event fires to avoid flashes of unstyled content.
 51 | 
 52 | ### Same-origin policy and CORS
 53 | 
 54 | `<html-include>` uses the `fetch()` API to load the HTML. This means it uses the same-origin security model and supports CORS. In order to load an external resource it must either be from the same origin as the page, or send CORS headers. You can control the fetch mode with the `mode` attribute.
 55 | 
 56 | ### Styling included HTML
 57 | 
 58 | When included into shadow DOM, the HTML and its styles are isolated from the rest of the page. Main page selectors will not select into the content, and the included HTML can have `<style>` tags which will be scoped and not leak to the rest of the page.
 59 | 
 60 | The content can be styled with CSS custom variables and other inheritable properties, like `color` and `font-family`. If the HTML includes elements with `part` attributes, those elements can be styled with the `::part()` selector.
 61 | 
 62 | Included HTML can also have `<slot>` elements, which will allow children of `<html-include>` to be projected into the HTML. These can be styled from within the included HTML with the `::slotted()` selector.
 63 | 
 64 | If the `no-shadow` attribute is present, then the included HTML can by styled with global styles. Beware though, styles in the included HTML will apply to the whole page.
 65 | 
 66 | ## Attributes
 67 | 
 68 | ### `src`
 69 | 
 70 | The URL to fetch an HTML document from.
 71 | 
 72 | ### `mode`
 73 | 
 74 | The fetch mode to use: "cors", "no-cors", or "same-origin". See the fetch() documents for more information.
 75 | 
 76 | ### `no-shadow`
 77 | 
 78 | A boolean attribute, which if present, causes the element to include the fetched HTML into its light DOM children.
 79 | 
 80 | ### `delegates-focus`
 81 | 
 82 | A boolean attribute, which if present, causes the element to [delegate focus](https://developer.mozilla.org/en-US/docs/Web/API/ShadowRoot/delegatesFocus) to the first focusable element in the shadow root.
 83 | 
 84 | ## Browser Support
 85 | 
 86 | Web components are supported by Chrome, Safari, Firefox, Opera and other Chromium-based browsers including the next version of Edge.
 87 | 
 88 | Other browsers, like current versions Edge and older but recent versions of Chrome, Safari, and Firefox, will require the web components polyfills.
 89 | 
 90 | IE11 *may* work with the polyfills if this library is compiled, but that would be accidental: IE is explicitly not supported.
 91 | 
 92 | The web component polyfills can be loaded from unpkg.com:
 93 | 
 94 | ```html
 95 | <script src="https://unpkg.com/@webcomponents/webcomponentsjs/webcomponents-loader.js"></script>
 96 | ```
 97 | 
 98 | Or locally:
 99 | 
100 | ```bash
101 | npm i @webcomponents/webcomponentsjs
102 | ```
103 | 
104 | ```html
105 | <script src="./node_modules/@webcomponents/webcomponentsjs/webcomponents-loader.js></script>
106 | ```
107 | 
108 | ## Support, Maintenance, and Contributions
109 | 
110 | This is a personal side-project and published basically "as-is". I will try to get CI running, add more tests, and improve the documentation as time permits. PRs welcome, but if I'm not responsive, please feel free to fork.
111 | 
112 | And no, I will not publish an ES5 version 🤨. Applications can compile to the language level their target browsers support. Bundlers can and should be configured to compile packages in `node_modules` as necessary. 
113 | 
114 | ## Alternate Approaches
115 | 
116 | I made this project after seeing this blog post on using iframes to implement HTML-include behavior: https://www.filamentgroup.com/lab/html-includes/
117 | 
118 | That approach uses an iframe to load the external HTML document, then inline script to move the nodes into the main document. I believe the web component approach is far better for a few reasons:
119 | 
120 | ### CSP Compliant 
121 | 
122 | `onload` attributes are blocked by CSP most policies.
123 | 
124 | ### CORS compatibility
125 | 
126 | By using `fetch()` we can make a CORS request for the content. A cross-origin iframe will not allow its contents to be accessed from the main page.
127 | 
128 | For the web components, more options from `fetch()` can be exposed as well, such as `method`, `body`, `integrety`, and `cache`.
129 | 
130 | ### Scripts don't execute
131 | 
132 | iframes will execute scripts. Cross-origin documents won't be moved into the main page, so their scripts will run to completion. I'm not exactly sure what will happen with same-origin script when they are moved into the main document. It may depend on the presence of other scripts or external resources. Either way, it's a feature that `<html-include>` will not run scripts due to using `innerHTML`.
133 | 
134 | ### Consistent styling
135 | 
136 | iframes completely isolate the styles of content document from those of the host document. This means that the iframe approach has two completely different styling modes: fully isolated, or absolutely no isolation. Neither is desirable, and the styling behavior will change based on CSP, cross-origin documents, or whether script is enabled.
137 | 
138 | This web component requires JavaScript, like all web components, but the styling behavior is consistent.
139 | 
140 | ### Controlled styling
141 | 
142 | Shadow DOM prevents any styles inside the shadow root from applying to the main page, so the included HTML can't pollute the page. The iframe-replacement approach will allow styles in the external document to style anything in the main page.
143 | 
144 | Shadow DOM allows inherited CSS properties, such as `color`, `font-family`, and all custom variables, to pierce the shadow boundary, so basic content will be consistent with the page. HTML annotated with `part` attributes can be styled from the host page with `::part()` selectors.
145 | 
146 | ### Declarative and self-contained
147 | 
148 | Having the implementation of the include be re-written for every instance will make the iframe approach difficult to maintain. The web component is self-contained and the implementation can be updated across usages.
149 | 
150 | ### Composition
151 | 
152 | Since the included HTML is rendered in a shadow root, it can contain `<slot>` elements, allowing the included content to project children from the `<html-include>` into itself. This may be a fringe case, but imaging a CMS system where the content can control where certain host-provided blocks go. I'm very curious to see how this might be used.
153 | 
154 | Main page:
155 | ```html
156 | <html-include>
157 |   <div slot="suggested-articles">...</div>
158 | </html-include>
159 | ```
160 | 
161 | Content:
162 | ```html
163 | <article>
164 |   <header>...</header>
165 |   <main>...</main>
166 |   <!-- render suggested articles here -->
167 |   <slot name="suggested-articles"></slot>
168 |   <footer>...</footer>
169 | </article>
170 | ```
171 | 


--------------------------------------------------------------------------------