undefined | Better HN

0 pointsthrowup2381y ago0 comments

The only way for a worker to communicate with the rest of the browser context is by using the `postMessage` method. The host code has to listen and respond via the `onmessage` handler, so the worker is unable to do anything that you don't explicitly implement in your `onmessage` handler.

You still have to make sure the API you expose to the user plugins aren't exploitable.

0 comments

1 comments · 1 top-level

a1o1y ago

Thank you for the explanation, I was not familiar with this method, it looks interesting, a tradeoff between flexibility and safety vs iframe.

j / k navigate · click thread line to collapse