Explicitly allowing cross-domain iFrame scripting for an SDK

I'm beginning to develop a JavaScript client SDK that adds an iFrame to the DOM. The URL of the iFrame is on my domain, but the SDK is going to be used on third party domains. What is a reliable, cross platform, degradable method of allowing my client SDK to manipulate the iFrame? I want to allow the people implementing my SDK to have a set of functions to call and events to subscribe to which originate from the iFrame.

Facebook seems to do a really good job of this in their Apps & Pages system. Usually in that case, thou开发者_如何学JAVAgh, you're calling out from within a frame. Mine is bidirectional.

I found a great blog post detailing an older method of accomplishing this. It also links to several libraries that implement the various methods.

• Porthole
• XSSInterface
• EasyXDM
• jQuery PostMessage Plugin

Why don't you look into JSONP instead? It's JSON with Padding and allows cross-domain requests. I'm only thinking that iframes are so passé.

You have the problem with cross-domain policy. If you have it in another domain you don't have to have iframe. Use a webservice or simply send POST or GET messages to a URL.