postMessage Challenge-Response
The postMessage API can provide confidentiality if challenge-response is used. (Thanks to Jeff Walden for the idea.) Because implementing confidentiality is tedious and error-prone, we recommend built-in support for confidentiality in postMessage.
Update 12 February 2008: Our proposal has been accepted into the HTML 5 specification.
postmessage2.js
Example usage:
postMessage2(frames[0], message, "theory.stanford.edu");
Source code: