At Second Street, we are proud to make white-label software that enables our customers to offer promotions and contests as part of their brand. One of the interesting development challenges behind that has been the need to embed our software on our customers’ websites.
<iframe> can solve quite a few problems on the web, but it introduces a nearly-impenetrable wall of security. The only way through that wall, if your iframe is on a different domain, is via the HTML5
postMessage API. Unfortunately,
postMessage is messy.