HTML5 offers a new API for communication between different windows/frames.
First, a reference to the iframe must be obtained. This can be done with regular JavaScript and DOM functions. While the content of the iframe remains hidden even with HTML5, it is possible to send a text message to the iframe with iframe.contentWindow.postMessage(message, targetOrigin); where iframe denotes the reference to the iframe, message the text message, and targetOrigin the origin the receiving window must have for the message to be delivered.
In order to receive the message, the receiving iframe must add an event listener like window.addEventListener("message", receiveMessage, false); with the parameter receiveMessage being a reference to a function that handles incoming messages. It can look like this:
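    // Placeholder: the origin of the expected message sender.
    var expectedOrigin = "https://sender.example";

    function receiveMessage(event) {
        if (event.origin !== expectedOrigin) {
            // malicious message: ignore it
            return;
        } else {
            var message = event.data;
            // proceed with code
        }
    }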
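
The following is an added example, not code from the original page. It extends the handler above with an exact-match origin allowlist, an optional check of the sending window, and a shape check on the text message, and adds a sender wrapper that refuses a wildcard targetOrigin. The origin https://parent.example, the length limit, and the function names sendToFrame and validateMessage are assumptions chosen for illustration.

```javascript
// Added example. Origins and the 1024-character limit are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://parent.example"]);
const MAX_LENGTH = 1024;

// Sender side: always name the recipient's origin; "*" would deliver the
// message to whatever document is loaded in the frame at that moment.
function sendToFrame(frameWindow, message, targetOrigin) {
  if (targetOrigin === "*") {
    throw new Error("wildcard targetOrigin refused");
  }
  frameWindow.postMessage(message, targetOrigin);
}

// Receiver side: returns the text message, or null if it must be ignored.
function validateMessage(event, allowedOrigins, expectedSource) {
  // Exact match on the full origin (scheme, host, port). Substring or
  // prefix tests would also accept look-alike hosts. Documents with an
  // opaque origin report the string "null", which is not in the set.
  if (typeof event.origin !== "string" || !allowedOrigins.has(event.origin)) {
    return null;
  }
  // Optionally pin the sending window too, e.g. window.parent.
  if (expectedSource !== undefined && event.source !== expectedSource) {
    return null;
  }
  // Data from an allowed origin is still untrusted input: check its shape.
  if (typeof event.data !== "string" || event.data.length > MAX_LENGTH) {
    return null;
  }
  return event.data;
}

const received = [];
function receiveMessage(event) {
  const message = validateMessage(event, ALLOWED_ORIGINS);
  if (message !== null) {
    received.push(message); // proceed with code
  }
}

// Only registered when run in a browser; under Node the functions can be
// called directly with constructed event objects.
if (typeof window !== "undefined") {
  window.addEventListener("message", receiveMessage, false);
}
```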