postMessage Challenge-Response

The postMessage API can provide confidentiality if challenge-response is used. (Thanks to Jeff Walden for the idea.) Because implementing confidentiality is tedious and error-prone, we recommend built-in support for confidentiality in postMessage.

Update 12 February 2008: Our proposal has been accepted into the HTML 5 specification.

postmessage2.js

Example usage:

postMessage2(frames[0], message, "theory.stanford.edu");

Source code: