Demo using HTML5's postMessage to safely communicate with an external service
The same origin policy restricts access to a page's content, methods and properties from a different domain. So content embedded on a host page via an <iframe> cannot access the content, properties or methods of the host page and vice versa. However, recognizing the need for safe cross domain communication, HTML5 has introduced a postMessage capability which allows text messaging between two properly configured webpages.