hyperlink infosystem

HTML5 Security Leverages Cross-Domain Messaging

Web Development

Feb 2016

HTML5 is one of the upcoming technologies for next-generation web app development and has brought exciting new features to the web world. HTML5 applications are widely used in the mobile application world. But along with these features, HTML5 has brought new attack vectors as well.


Before moving further with the security concepts of cross domain messaging, let us get into the basics of how cross domain messaging is carried out in HTML5.

Cross domain messaging using postMessage() Method


Before HTML5, because of same-origin policy restrictions, sending messages between two hosts was only possible if both used the same protocol, host and port number.

With the arrival of HTML5, that restriction no longer stands in the way: messages can be passed across domains without running into the policy that was imposed earlier.

HTML5 does this by introducing a method named postMessage() that lets you pass messages between two frames regardless of whether they share the same protocol, host and port.



otherWindow.postMessage(message, targetOrigin, [transfer]);




message

The data to be sent to the other window.

The data is serialized using the structured clone algorithm, which lets you pass a large number of data objects without having to serialize them yourself.

targetOrigin

Specifies the origin the other window must have for the event to be dispatched: either “*” or a URI.

If, at the time of dispatch, the scheme, hostname or port number of the other window does not match what is provided in targetOrigin, the event will not be dispatched.

transfer (optional)

A queue of transferable objects sent along with the message; ownership of these objects passes to the destination.

Now, to better digest the cross-domain messaging concept, let's set up a practical lab to illustrate it briefly.

Practical Approach of Cross-domain Messaging:

Case A: http://localhost:8383/
Case B: http://localhost/

As we can see, there are two cases, Case A and Case B, each located on a different port.

As you can see from the above screenshot, a message is sent from Case A to Case B and is received simultaneously.

However, if Case A sets the target origin to “*” when sending the message, then, because the receiving window Case B is listening for incoming requests, anyone can load it into an iframe and listen for the request. So when requests should be accepted only from a particular window, the origin is checked as below:


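function receiveMessage(e) {
  // Ignore messages that do not come from Case A's origin
  if (e.origin !== "http://localhost:8383") return;
  // Origin verified: do something with e.data
}
window.addEventListener("message", receiveMessage, false);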
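
As an added example (not code from the original article), the snippet below models the two controls described above for the Case A / Case B lab: the sender-side dispatch rule for targetOrigin and the receiver-side exact-match check on the message origin. The names wouldDispatch, TRUSTED_ORIGINS and demo, the payload limits and the other.example URL are assumptions made for illustration.

```javascript
// Added example; names are illustrative, not from the article.
const CASE_A = "http://localhost:8383";      // sender page
const CASE_B = "http://localhost/";          // receiver page shown in the iframe
const TRUSTED_ORIGINS = new Set([CASE_A]);   // receiver's allow-list (assumption)

// Sender side: model of the dispatch rule. The event is delivered only when
// the scheme, hostname and port of the document currently loaded in the
// target window match targetOrigin; "*" disables the check entirely.
function wouldDispatch(targetOrigin, currentWindowUrl) {
  if (targetOrigin === "*") return true;
  return new URL(targetOrigin).origin === new URL(currentWindowUrl).origin;
}

// Receiver side: exact match on event.origin, then validate the payload,
// which stays untrusted input even when the origin is the expected one.
function receiveMessage(event) {
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return { accepted: false, reason: "untrusted origin" };
  }
  if (typeof event.data !== "string" || event.data.length > 256) {
    return { accepted: false, reason: "unexpected payload" };
  }
  return { accepted: true, data: event.data };
}

// In a browser, Case B registers the handler; under Node this is skipped.
if (typeof window !== "undefined") {
  window.addEventListener("message", receiveMessage, false);
}

// Constructed scenarios: the iframe shows Case B, or has been navigated to
// an unrelated page (other.example is a placeholder).
function demo() {
  const elsewhere = "http://other.example/";
  return {
    explicitToCaseB: wouldDispatch("http://localhost", CASE_B),
    explicitAfterNavigation: wouldDispatch("http://localhost", elsewhere),
    wildcardAfterNavigation: wouldDispatch("*", elsewhere),
    fromCaseA: receiveMessage({ origin: CASE_A, data: "hello" }).accepted,
    fromOtherPort: receiveMessage({ origin: "http://localhost:8384", data: "hello" }).accepted,
  };
}

console.log(demo());
```

With an explicit targetOrigin the message is withheld once the frame no longer shows Case B, while “*” delivers it to whatever document is loaded there.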

Why does the need for Cross-Domain arise?

Cross Domain Solutions provide distinct information to users without disclosing the entire confidential data at multiple levels, which could make it susceptible to unintended disclosure.

The hazard of destruction is subjectively confirmed in the light of potential program flaws.

Cross Domain Solutions deliver information to critical users who need it while blocking unauthorized users' access to classified data, and in the process guard networks against malicious or unintentional data corruption.

Cross Domain Solutions have made the process of sharing data among coalition partners in combat extremely streamlined.


Some of the areas where cross-platform messaging is in great demand are:

  • Cyber-security

  • Supply Chain Security

  • Cloud Assurance

  • Defense System




Cross Domain Conflicts & Solutions


The major issues faced by Cross Domain Solutions are:

  • Enhancing the ability of defense systems at a lower cost of development, acquisition and operation by creating multi-level secure systems that run various applications simultaneously on a single processor.

  • They should be able to provide higher mortality, grit, peculiarity, fluidity, connectivity, security and safety at a reduced purchase, implementation and technical training cost.


One resource compares the implementation of cross-platform apps on various platforms as below:



 | Native iOS and Android apps | HTML5 apps
App Features | |
 | Native APIs | HTML, Canvas, SVG
Native look and feel | |
Device Access | |
Contacts, calendar | |
Offline storage | Secure file storage | Shared SQL
Pinch, spread | |
 | Online and offline | Mostly online
Development skills | Objective C, Java | HTML5, CSS, Javascript


As you can see above, there are a few important features that are possible in native apps but not in HTML5 apps. For example, if in future you would like to add features like image capturing, contacts or push notifications to your app, it won't be possible in an HTML5 app. Also, HTML5 apps are not secure, as they use a shared SQL database on the device.


I would recommend that you consider all the key points above and then take a decision that will help you make the best app with one of the top app development companies, Hyperlink Infosystem. You can also hire the best app developers in India for your mobile app development. Contact us now for any inquiry or a free quote.


Harnil Oza is the CEO & Founder of Hyperlink InfoSystem. With a passion for technology and an immaculate drive for entrepreneurship, Harnil has propelled Hyperlink InfoSystem to become a global pioneer in the world of innovative IT solutions. His exceptional leadership has inspired a multiverse of tech enthusiasts and also enabled thriving business expansion. His vision has helped the company achieve widespread respect for its remarkable track record of delivering beautifully constructed mobile apps, websites, and other products using every emerging technology. Outside his duties at Hyperlink InfoSystem, Harnil has earned a reputation for his conceptual leadership and initiatives in the tech industry. He is driven to impart expertise and insights to the forthcoming cohort of tech innovators. Harnil continues to champion growth, quality, and client satisfaction by fostering innovation and collaboration.
