I’ll discuss the postMessage feature and how it can be vulnerable by wrong way implementation. First I’m going to talk about what is postMessage feature actually, then we are going to code and use it, at the end we will take a look at vulnerabilities. What is postMessage? postMessage() is a feature introduced in HTML5 and you can use it in JavaScript. This feature lets you send data between different Window objects (it can be an iframe or window.