As an increasing amount of information is being provided electronically, the number of sources providing such content is increasing as well. In many cases, a user browsing a Web page through a browser application, for example, might simultaneously view content from multiple sources, each of which might have a distinct domain, host address, or other such source identifier from which the content is provided. In many cases, the user will be unaware that the content is coming from multiple sources other than variations in aspects such as style or layout.
In order to enhance the user experience, many of these content providers would like to be able to communicate information back and forth such that a page displaying content from multiple providers and/or multiple domains can provide a consistent experience based on user interaction. For example, a user viewing an item in an electronic marketplace might select to purchase an item using a “buy it” option in a frame provided from a first domain. There might be other frames on the page corresponding to other domains that can benefit from knowledge that the user purchased the item. For example, if a second domain is advertising alternative items available, once an item is purchased that domain might instead desire to advertise accessories for the purchased item. In any case, it can be desirable to update content in certain domains in response to actions or occurrences in other domains.
Such an approach is not straightforward, however, as most existing browsers and other such applications impose restrictions on cross-domain requests and cross-site scripting (XSS). Thus, a frame on a Web page corresponding to a first domain cannot send information to a second frame on the page corresponding to a second domain. Further, various frames or elements from a common provider may still correspond to different domains, or switch between different domains, such as secure (e.g., using HTTPS) and non-secure (e.g., using HTTP) domains. Thus even pages from the same provider might be unable to determine information about a frame, object, or other element of the page if that element is from another domain.
Further still, for content providers such as electronic marketplaces or electronic retailers, if these providers take advantage of electronic payment cards (e.g., credit or debit cards), then the provider also must comply with payment card industry data security standards (such as PCI DSS). In order to maintain compliance, each of the providers for a Web site has to also be PCI compliant to avoid potential vulnerabilities in the site, which in many instances will not be practical. Thus, while it may be desirable to pull in content from third party providers and interact with that content via JavaScript or another appropriate language, such interaction would generally not comply with the PCI or other such standards. Many other such standards exist for types of content or interaction.