Prior to HTML5, web browsers disallowed cross-site scripting, to protect against security attacks.
This practice barred communication between non-hostile pages as well, making document interaction of any kind difficult.
[1][2] Cross-document messaging allows scripts to interact across these boundaries, while providing a rudimentary level of security.
[1] Poor origin checking can pose a risk for applications which employ cross-document messaging.
[6] Support for the API exists in the Trident, Gecko, WebKit and Presto layout engines.