Cross-Document Messaging is a method of sending information from a page on one domain to a page on a different domain using the postMessage method.
The HTML5 standard supports cross-document messaging via the window.postMessage method.
- The message is transmitted to the iframe containing the exampleWindow object after verification of the origin.
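The origin verification described above, for both sides of a postMessage exchange, as an added example that is not code from the original page. The origin https://widgets.example.com, the "resize" message shape and the function names are assumptions made for illustration.

```javascript
// Added example: the origin, message format and names are constructed.
const TARGET_ORIGIN = "https://widgets.example.com";
const TRUSTED_ORIGINS = new Set([TARGET_ORIGIN]);

// Sender side: name the recipient's origin explicitly instead of "*", so the
// browser drops the message if the frame has been navigated somewhere else.
function sendToFrame(exampleWindow, payload) {
  exampleWindow.postMessage(JSON.stringify(payload), TARGET_ORIGIN);
}

// Receiver side: decide whether a MessageEvent-shaped object is acceptable.
// Returns the validated message, or null if it must be ignored.
function acceptMessage(event, expectedSource) {
  // 1. Exact origin match. Substring or prefix tests would also accept
  //    look-alike hosts that merely contain the trusted name.
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;
  // 2. Optionally pin the sending window (e.g. iframe.contentWindow).
  if (expectedSource && event.source !== expectedSource) return null;
  // 3. The data is still untrusted input: bound its size, parse defensively
  //    and validate the shape before acting on it.
  if (typeof event.data !== "string" || event.data.length > 4096) return null;
  let msg;
  try { msg = JSON.parse(event.data); } catch { return null; }
  if (msg === null || typeof msg !== "object") return null;
  if (msg.type !== "resize" || !Number.isInteger(msg.height)) return null;
  if (msg.height < 0 || msg.height > 10000) return null;
  return { type: msg.type, height: msg.height };
}

// Browser wiring (skipped when run outside a browser).
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const msg = acceptMessage(event);
    if (msg) document.body.style.minHeight = msg.height + "px";
  });
}
```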
Cross-Origin Resource Sharing
Cross-Origin Resource Sharing is a method of sending XMLHttpRequests across domains.
Its functionality is similar to cross-document messaging, using a different method of communication.
The HTML5 standard enables user-agents to transmit geolocation data for devices which support this functionality.
The Web Storage API allows for persistent data storage of key-value pair data in web browsers.
Web Workers enable scripts to run in the background, isolated from the webpage. Messages are used to communicate with the event handlers managing the worker processes.
Drag and Drop
The Drag and Drop API provides ways for an application developer to allow HTML elements to be dragged out of the web page and dropped elsewhere. This allows users to copy elements between frames, browser tabs, browser windows and other applications. The “drop” API also allows users to drop in files directly into the browser window, which the application can process in some way (e.g. uploading a document). This API allows application developers to emulate the behavior of native applications like text or image editors that allow seamless inter-application drag/drop behavior.
Video & Audio
Allows video or audio content to be added to the page without the need for a browser plug-in such as Flash.
Camera and Microphone
Allows the web page to capture input from a camera and microphone attached to the device. This is of particular relevance to mobile devices.
IndexedDB and WebSQL
Alternatives to Web Storage for persisting data on the client. IndexedDB allows for storage of large amounts of structured data in the browser using a key-value mapping. WebSQL allows application designers to store data on the client side and access it using SQL queries.
The File API allows web applications to access files from the underlying system.
Allows a web site/app to work offline by defining a manifest of all the resources the page requires, which the browser will download and make available even when it isn’t connected to a network.
Server-Sent Events
Allows the server to push messages to the client. Likely to be used for similar reasons to WebSockets, but doesn’t provide the bi-directional socket.
Content Security Policy
A Content-Security-Policy header defines a whitelist of trusted script locations, so that browsers that support CSP will not run script loaded from other locations. This allows inline and evaled script to be blocked, which addresses many cross-site scripting attack vectors.