HTML and CSS Reference
In-Depth Information
on your wall. But you'll find plenty of situations where you'll want to embed content from
other sites in web pages; for example, Google ads and analytics, Facebook Like buttons,
and Twitter feed widgets. You can implement all these examples by loading JavaScript
from other sites using <script> elements. When scripts are included this way, they have
as much access to your content as scripts on your own domain; they bypass the Same Ori-
gin Policy.
Until HTML5, the options for any foreign domain content embedded in your pages were
• No access to any of your content
• Complete access to all of your content
It would be nice to have a middle ground between these extremes. Although there may be
some sources you don't trust at all, it's likely you have plenty you trust a little bit. HTML5
satisfies this demand for flexibility with cross-document messaging. The cross-document
messaging API allows a controlled messaging channel to be created between two pages by
using the postMessage method and the onmessage event.
The postMessage method should be passed two parameters:
• The message itself
• The domain of the page being targeted:
windowRef.postMessage('The message', '');
Search WWH ::

Custom Search