HTML 5 postMessage() API allows cross-domain messaging
11 May 2008
Finally an answer for mashups and cross-domain widget developers. Also, a lovely attack surface for the security crowd.
Now domain-x can communicate with domain-y legally. John Resig's has a nice writeup about this feature in Firefox 3.x http://ejohn.org/blog/cross-window-messaging/.
The HTML 5 spec spells out the details with vivid warnings for User Agent developers.
This functionality has been provided for a while now from smack-ups like the XssInterface project and Google Gears
Now domain-x can communicate with domain-y legally. John Resig's has a nice writeup about this feature in Firefox 3.x http://ejohn.org/blog/cross-window-messaging/.
The HTML 5 spec spells out the details with vivid warnings for User Agent developers.
This functionality has been provided for a while now from smack-ups like the XssInterface project and Google Gears
allowCrossOrigin() function.