Window.postMessage()

Example

Let’s create two web pages named PageA.html and PageB.html such that:

• PageB.html will be a pop-up. 
• PageA.html will send a message to PageB.html.

PageA

<!DOCTYPE html>
<html>
<head>
    <title>Window Post Message Test</title>
 <meta charset="utf-8" />
<script>
var childwin;
const childname = "popup";
function openChild() {
childwin = window.open('PageB.html', childname, 'height=300px, width=500px');
 
}
function sendMessage(){
    let msg={pName : "Bob", pAge: "35"};
    // In production, DO NOT use '*', use toe target domain
    childwin.postMessage(msg,'*')// childwin is the targetWindow
    childwin.focus();
}
</script>
</head>
<body>
    <form>
        <fieldset>
            <input type="button" id="btnopen" value="Open child" onclick="openChild();" />
            <input type="button" id="btnSendMsg" value="Send Message" onclick="sendMessage();" />
        </fieldset>
    </form>
</body>
</html>

PageB

<!DOCTYPE html>
<html>
<head>
    <title></title>
    <meta charset="utf-8" />
    <script>

// It allows window to listen for a postMessage.
    window.addEventListener("message", (event)=>{

// To verify the targetOrigin matches this window's domain.
        let txt=document.querySelector('#txtMsg');
        txt.value=`Name is ${event.data.pName} Age is  ${event.data.pAge}` ;
     
    });
function closeMe() {
        try {
window.close();
        } catch (e) { console.log(e) }
        try {
self.close();
        } catch (e) { console.log(e) }
}
    </script>
</head>
<body>
    <form>
        <h1>Recipient of postMessage</h1>
            <fieldset>
                <input type="text" id="txtMsg" />
                <input type="button" id="btnCloseMe" value="Close me" onclick="closeMe();" />
            </fieldset>
   
    </form>
</body>
</html>

Test Run

On running PageA.html. You will find

Click the "Open child" button on PageA.html. This brings up the pop-up window.

On clicking the "Send Message" button, the pop-up Window receives the below-written message.

Let’s understand what is Happening

When you select "Send Message," an Object is delivered to the recipient page using the window reference, childWindow, created during window.open().

On clicking the “Send Message” button, the message will be received by the pop-up window.

childWindow.postMessage(msg,"*" ): 

• Once again, do not use "*" for other than for testing. The targetOrigin should be the domain of the recipient page.
• The receiver window's Event Listener receives the message in an "event" parameter.

The callback function processes the message.

• The message is stored in event.data.
• The targetOrigin is stored in event.origin.

Frequently Asked Questions

1. What is window postMessage () used for?
The window. postMessage() method is very useful. It allows for cross-origin communication between Window objects. For example, it allowed communication between a page and a pop-up it created or a page and an iframe contained within it.

2. How do I view Windows postMessage?
There is no network traffic in postMessage because everything happens between frames and windows on the same machine. You can use console.log(e) to view Windows postMessage. It calls inside your postMessage handlers so you can see the results in the dev tools console.

3. Is window postMessage secure?
Cross-site scripting attacks can be launched by acting on a message without first confirming its source. postMessage is typically thought to be quite safe as long as the programmer double-checks the message's origin and source. 

Conclusion

In this article, we learned about Window.postMessage(). We learned that the window.postMessage() method allows cross-origin communication between Window objects.

Window.postMessage is safe as long as the programmer double-checks the message's origin and source. 

We learned that one window could receive a reference to another (e.g., via targetWindow = window.opener) and then use targetWindow.postMessage to send a MessageEvent() to it. The receiving window is, therefore, free to deal with the situation. The event object exposes the arguments supplied to window.postMessage() (i.e., the "message") to the receiving window.

Now you are all set to safely communicate between your Window objects on your website—design amazing websites.

Happy Coding!.

You can use Coding Ninjas Studio to practice various DSA questions asked in the interviews. It will help you in mastering effective coding techniques, and you will also get interview experiences with people working in big companies.