Frames may allow a web browser window to be divided into more than one section, each of which may display a different document. One use of frames may be to allow documents from different web domains to be displayed on a single web page. As such, a user that browses to a web page hosted on a particular web domain, sometimes referred to as the parent page, may end up viewing a page that contains documents from multiple web domains. Furthermore, domains that host the content in the frames may not be familiar with and, therefore, may not trust the domain that hosts the parent page.
Frames present on a parent page may want to pass messages between one another. This inter-frame communication is often referred to as cross-document messaging. For example, a document contained in a frame may want to communicate some piece of information to another document contained in a different frame and residing on a different domain. Without a direct line of communication between frames of different origins, the parent page must relay messages from one child frame to another child frame. A parent page that relays messages between the frames may view content that is passed between the frames. This content, therefore, may be exposed to an untrusted and potentially malevolent website. One way modern browsers may resolve this potential security hole is to use the postMessage method present in the Messaging API of HTML5 for secure cross messaging between frames. Older browsers, however, may not support the postMessage method and may not have a way for secure cross-document messaging.