Julien Couvreur has a blog post entitled Cross-document messaging hack where he writes
The Dojo and Windows Live Platform teams have both recently released DHTML
hacks that allow two iframes in different domains to communicate, bypassing the
notorious same-domain policy implemented in browsers. I'm surprised by the
relative lack of response in the AJAX blogosphere, as this opens lots of
possibilities for mashups.
The hack relies on dynamically created iframes, using the
fragment identifier to leak/communicate information to the other domain and
timers to check for iframe changes.
For example, if you have page A containing an iframe B in a different domain,
then B can create a new iframe and load it with a url in the same domain as
A. The url that is loaded doesn't generate a request to the server if it is
properly cached and only the fragment identifier is used to pass changing
information. Page A can now get the DOM handle on the new iframe and
successfully retrieve the information transmitted in the url by B.
Although the hack goes around the same domain policy, you should realize
that it does not constitute a significant security threat, as it requires both
frames to cooperate. Additionally, this mechanism allows for control of which
domains can work together.
Windows Live goes into a more specific proof of concept, with the Windows Live Contacts Gadget, an
embeddable contact picker. It explores the problem of cross-domain interactions
deeper than the Dojo work, specifically around authentication, access control
Like Julien, I'm surprised that there hasn't been more discussion about this technique in the AJAX blogs. I first learned about this technique from Yaron Goland while he was working with Danny Thorpe and others on the Windows Live Contacts Gadget. With this technique I can embed a
widget gadget hosted on my domain on a page from another domain and then later on exchange data or otherwise communicate between the widget gadget and the hosting page.
This is how the Windows Live Contacts Gadget allows you to embed a control that opens a portal to a user's Hotmail address book and then communicates the contacts the user has picked back to the hosting page. It's a really sweet hack.