I hadn’t realized until reading this article that html5 has baked in a way to allow a hosting webpage to receive messages from a page contains in a child iframe. This is normally not allowed in modern browsers due to the potential for big ol security problems, but this html5 method has security measures in place that prevent it being abused. Nice stuff.
http://stevehanov.ca/blog/index.php?id=109