Web browser programs are computer software applications that are designed to retrieve information over the Internet, and to then render the retrieved information on a display device where it can be accessed and reviewed by a user. A user may request information such as a web page from a remote server over the Internet by inputting an address in the form of a Uniform Resource Locator (“URL”) into the web browser program, which causes the web browser program to request one or more files from the remote server that are needed to construct the web page and render it on the user's display device. The requested files are usually extensible mark-up language (“XML”) or hyper-text markup language (“HTML”) files. Upon receipt of the requested file(s), the web browser program renders the information (e.g., a web page, a form, a video, etc.) in an appropriate format on the user's display device, typically in the form of an XML or HTML document.
The web browser program usually displays the requested XML or HTML documents to the user within one or more windows on the user's display device. A window refers to a portion of the display device that is typically framed by borders and which presents the document(s) rendered therein in a manner that appears to be independent of the rest of the display. Windows can be divided into or include one or more “iframe” sub-elements (which sometimes are referred to as simply “frames”), each of which may operate as a separate, independently controllable sub-window that may, for example, contain its own HTML or XML document(s). The source (“src”) address of an iframe identifies the source of the content of the iframe (e.g., the URL of the contents of the iframe). An iframe can be embedded in a window such that it is not visible on the user's display device. A window or iframe is considered to be “in” or “within” or “associated with” (which terms may be used interchangeably herein) the “domain” of the server or other processing device that supplied the content to the window, where the “domain” refers to a common name under which the server supplying the content and various other network devices are organized (e.g., abc.com).
Pop-up windows, dialog boxes and other windows or iframes are routinely generated on a display device that are located on top of, or adjacent to, an underlying web browser window or iframe. In certain situations, it may be desirable to allow, for example, a pop-up window or iframe to communicate with an underlying web browser window or with widgets or other objects contained within the underlying web browser window. Unfortunately, allowing a first window or iframe to alter the contents of a second window or iframe can raise security concerns, particularly if the windows/iframes at issue are not populated with information that originated from the same source. In particular, so-called cross-site scripting attacks have become increasingly common. A cross-site scripting attack refers to the malicious injection of JavaScript or other computer code into a web page that is being viewed by other users, where the code is designed to insert advertisements, steal sensitive information or commit other annoying or malicious acts. In order to combat such cross-scripting attacks, many web browser programs now restrict or prevent a window that is in a first domain from communicating with or altering the contents of windows that are in different domains, even in cases where the windows are not hostile to each other. Because of these security features, various “cross-domain” communications (i.e., where a window/iframe in a first domain communicates with a window/iframe in a second, different domain) that a web page designer may build into a window may not work properly across all web browser programs. As such, web pages may not work in their intended fashion when viewed by Internet users that employ web browser programs that place certain restrictions on cross-domain communications.