HTML 5 postMessage() API allows cross-domain messaging

Finally an answer for mashups and cross-domain widget developers.  Also, a lovely attack surface for the security crowd.

Now domain-x can communicate with domain-y legally.  John Resig's has a nice writeup about this feature in Firefox 3.x

The HTML 5 spec spells out the details with vivid warnings for User Agent developers.

This functionality has been provided for a while now from smack-ups like the XssInterface project and Google Gears allowCrossOrigin() function.