With new versions of our trusted browsers coming out, web developers who like living on the edge can start using some of the new features that are becoming available. One such goody is cross-document messaging, which is part of the HTML5 draft spec.
Cross-document messaging allows children of a window (think iframes, popups, …) to communicate using JavaScript, even if they originate from a different domain. This means that Instead of just iframing an external application, without being able to integrate further, your page can send and receive messages to/ from it. PostMessage could even be used to do cross-domain XHR (a hidden iframe on the same domain as a a remote datasource can be used as a proxy to perform XmlHttpRequests on that remote domain) untill the real thing hits the streets as well.
The two additions that allow you to perform such messaging, are window.postMessage and an eventlistener for events of the “message” type to handle the message. A pretty straightforward example of this can be found on JQuery’s John Resig’s site (see also his lastest blog entry about postMessage). As cross-domain javascript can be a potential big security risk, taking into account some precautions is really really really really really necessary. Really!
On the downside (as if security is not a problem); this brand new feature is only available in Firefox 3 for now. My own little test (a copy of John Resig’s example with some minor tweaks) worked in Opera 9.2x (and 9.5b) as well, but postMessage seems to have been dropped from the final Opera 9.5, as the tests on Opera Labs don’t seem to work any more either. Support for postMessage is also available in Webkit (Safari‘s backbone) nightly builds and in Microsoft’s IE 8 BETA (with the event being ‘onmessage’ instead of ‘message’ and some other quirks but hey, this is beta, no?).
So expect postMessage to be available in all major browsers by the end of the year. But why wait if you know that Facebook is already using postMessage in their chat application. I wonder what they fall back to if it is not available though …
cross-domain
Over internet en development, en waarom ik er zo goed in ben!
Het is toch straf dat de web-bozo’s van één van Europa’s grootste IT-services bedrijven weer eens moeten toegeven dat guru Goossens toch gelijk heeft?
“Jaja, cross-domain Ajax dat kan, de nieuwe DWR maakt dat immers
allemaal perfect mogelijk.”
Toen ze me dat een paar maand geleden antwoordden, lachte ik minzaam en besloot rustig af te wachten. Want als ze mijn recept niet moeten, dan lijden ze maar honger. ‘t Is toch waar zeker? Want ik wist dat ze vroeg of laat toch tot het besef zouden komen dat dat inderdaad niet werkt. Security warnings all over the place. En dan “Het ligt aan de browsers” roepen, ja, tarara!
Het is alleen spijtig dat ze pas enkele dagen voor de release tot die conclusie komen, het zou de multinational in kwestie heel wat geld en kopzorgen bewaard hebben als ze vroeger naar mijn onbetaalbaar advies hadden geluisterd.
Enne, als voetnoot; met een iframe gaan klooien is écht geen proper alternatief jongens!
(Met dank aan meester- marketeer entertainer Steven Feys)