Home

windowopenerpostMessage

Window.opener.postMessage refers to the use of the postMessage API to communicate between a window and the window that opened it. In web browsers, a window opened with window.open retains a reference to its opener via the window.opener property. The postMessage method allows sending data from one window to another across origins, using a targetOrigin to restrict where the message is delivered.

How it works: A window (the sender) calls postMessage on a Window object, passing a message and

From the opened window, messages can be sent back to the opener using window.opener.postMessage(message, targetOrigin). Conversely,

Security considerations are central: always verify the origin of incoming messages (event.origin) and specify a strict

Common use cases include cross-origin login flows, payment or OAuth popups, and coordinated interactions between a

a
targetOrigin.
When
the
message
is
received
by
the
target
window,
a
message
event
is
fired.
The
receiving
window
can
listen
for
such
events
with
a
message
event
listener.
The
event
provides
the
message
data,
the
origin
of
the
sender,
and
a
reference
to
the
sender
window
(event.source).
If
the
sender
is
the
opener,
the
recipient
can
respond
using
the
same
mechanism,
often
by
calling
event.source.postMessage
back
to
the
sender.
the
opener
can
communicate
to
the
opened
window
either
by
holding
a
reference
to
the
opened
window
or
by
listening
for
messages
and
replying
as
needed.
targetOrigin
in
postMessage
rather
than
using
the
wildcard
*.
Validate
and
sanitize
any
data
before
acting
on
it.
If
the
opener
or
the
opened
window
is
closed
or
navigates
away,
the
reference
may
become
null,
and
messaging
may
fail.
main
page
and
a
popup.
The
mechanism
is
widely
supported
in
modern
browsers
and
is
a
standard
means
of
safe
cross-document
communication.