Chapter 31 APIs: The Cross-document Messaging API

The Cross-document Messaging API in HTML5 makes it possible for two documents to interact with each other without directly exposing the DOM. Just imagine the following scenario: your web page has an iframe that is hosted by a different website. If you try to read some data from that iframe, the browser will be very upset and may throw a security exception. This restriction prevents the DOM from being manipulated by a third-party document, thereby stopping potential attacks such as CSRF or cross-site scripting (XSS). The Cross-document Messaging API, by contrast, never directly exposes the DOM. Instead, it lets HTML pages send messages to other documents through a message event.
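The message event described above, shown as an added example that is not from the book: a receiver that checks which origin sent a message before using it. The origin `https://widgets.example`, the `{type, payload}` message shape and the helper name `makeMessageHandler` are assumptions made for illustration.

```javascript
// Added example. TRUSTED_ORIGINS and the message shape are constructed values.
const TRUSTED_ORIGINS = new Set(["https://widgets.example"]);

// Build a "message" event handler that accepts data only from allowed origins.
function makeMessageHandler(trustedOrigins, onData) {
  return function handleMessage(event) {
    // event.origin is filled in by the browser, not by the sending page.
    if (!trustedOrigins.has(event.origin)) return "rejected:origin";

    // event.data is untrusted input: check its shape before using it.
    const msg = event.data;
    if (msg === null || typeof msg !== "object" ||
        msg.type !== "greeting" || typeof msg.payload !== "string") {
      return "rejected:shape";
    }
    onData(msg.payload);

    // Reply to the verified origin only, never to the "*" wildcard.
    if (event.source && typeof event.source.postMessage === "function") {
      event.source.postMessage({ type: "ack" }, event.origin);
    }
    return "accepted";
  };
}

// Sender side: name the exact origin the message is meant for, so the
// browser drops it if the target window has navigated somewhere else.
function sendGreeting(targetWindow, targetOrigin, text) {
  targetWindow.postMessage({ type: "greeting", payload: text }, targetOrigin);
}

// Browser wiring (skipped when run outside a browser).
if (typeof window !== "undefined") {
  window.addEventListener(
    "message",
    makeMessageHandler(TRUSTED_ORIGINS, (text) => console.log("received:", text))
  );
}
```

In the embedding page, `sendGreeting(iframe.contentWindow, "https://widgets.example", "hello")` would deliver the message to the iframe's handler.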

The Cross-document Messaging API is useful ...
