Existing browser software such as Internet Explorer or Firefox provides a security isolation mechanism based on network domains to prevent programs from different websites from accessing each other's data and causing a visitor's private data to be misappropriated from one website to another. Some large web platforms, however, can include many different domain names or different websites that are in trust relationships with each other and often need to exchange data and services among different websites.
Several techniques for cross-domain communication exist. Current techniques, however, usually have certain disadvantages.
One existing technique for cross-domain communication involves exploiting certain security holes in the browser. This is not secure since malicious websites can also use security vulnerabilities to launch attacks. Also, the technique becomes obsolete as soon as the security holes are patched.
Another technique for cross-domain communication involves decreasing the client browser security setting to allow for cross-domain visits. Decreasing the security standard, however, makes the client more vulnerable to exploits by malicious websites.
Another technique involves URL jumping between different websites. One website requests a page in another domain and sends information in the form of URL parameters; the other domain returns information by redirecting the browser to a web page in the requester's domain, again sending the information in the form of URL parameters. When URL jumping is used to communicate between different websites, the servers must deal with greatly increased load and efficiency is decreased. The technique also leads to security problems since the data transferred via the URL is in plain view in the address bar of the browser. Further, the technique cannot transfer large amounts of data because of the limit on the URL length.
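The URL jumping exchange described above can be traced hop by hop. The following JavaScript is an added example, not code from the original text: the domains, the "return" parameter name, the trusted-origin check and all values are constructed for illustration, and the 2083-character limit is assumed as the Internet Explorer URL limit.

```javascript
// Added illustration. Domains, parameter names and values are constructed.
const MAX_URL_LENGTH = 2083; // assumption: Internet Explorer's URL length limit
const TRUSTED_ORIGINS = new Set(["https://a.example"]); // hypothetical partner list

// Site A: build the jump to site B, carrying the data and a return address.
function buildRequestUrl(targetPage, returnPage, data) {
  const url = new URL(targetPage);
  for (const [key, value] of Object.entries(data)) url.searchParams.set(key, value);
  url.searchParams.set("return", returnPage);
  return url;
}

// Site B: read the request, then redirect back to A with the reply as parameters.
// Added check: refuse return addresses outside the trusted partner list, so the
// redirect cannot be pointed at an arbitrary site.
function buildRedirectUrl(requestUrl, reply) {
  const back = new URL(requestUrl.searchParams.get("return"));
  if (!TRUSTED_ORIGINS.has(back.origin)) throw new Error("untrusted return address");
  for (const [key, value] of Object.entries(reply)) back.searchParams.set(key, value);
  return back;
}

// What one hop exposes in the address bar, and whether it fits the limit.
function inspectHop(url) {
  return {
    href: url.href,
    visibleParams: [...url.searchParams.keys()],
    length: url.href.length,
    fits: url.href.length <= MAX_URL_LENGTH,
  };
}

// One exchange = two full page navigations, one per direction.
function simulateExchange(data, reply) {
  const request = buildRequestUrl("https://b.example/service", "https://a.example/callback", data);
  const response = buildRedirectUrl(request, reply);
  return { hops: [inspectHop(request), inspectHop(response)] };
}

const small = simulateExchange({ user: "alice", session: "constructed-value" }, { status: "ok" });
const large = simulateExchange({ blob: "x".repeat(3000) }, { status: "ok" });
for (const hop of [...small.hops, ...large.hops]) {
  console.log(hop.fits ? "fits" : "TOO LONG", hop.length, hop.visibleParams.join(","));
}
```

Every value passed to either site appears verbatim in the href of a hop, which is what the address bar and browser history record, and the 3000-character payload exceeds the assumed limit on the outbound hop.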
Another technique uses cross-domain script references. A web page in one domain uses the <script> tag to reference the contents of a JavaScript (JS) file in another domain and transfers the data in the form of URL parameters. The JS file of the other domain can freely generate script to send the data directly to the current web page. This technique tends to be complex since a new script needs to be generated for each communication. Further, the data of one domain would be completely exposed to the script of the other and can be easily misappropriated.