<iframe id="ifr" src="http://www.foo.com:8081/langtao/foo.html" width="500" height="300"></iframe><div id="msgbox"></div><input type="text" id="msg" /><input type="button" value="发送" id="btn"/><script type="text/javascript">window.onload = function() {    document.getElementById(‘btn‘).onclick=function(){        var ifr = document.getElementById(‘ifr‘);        var targetOrigin = ‘http://www.foo.com:8081/langtao/‘;  // 若写成http://www.foo.com:8081/langtao/foo.html‘效果一样        var msg=document.getElementById(‘msg‘).value;        ifr.contentWindow.postMessage(msg,targetOrigin);                var c=document.createElement(‘div‘);        c.innerHTML="你说："+msg;        msgbox.appendChild(c);    }};window.addEventListener(‘message‘, function(e){    // 通过origin属性判断消息来源地址    if (e.origin == ‘http://www.foo.com:8081‘) {//不可以设置为‘http://www.foo.com:8081/‘        var c=document.createElement(‘div‘);        c.innerHTML="来自"+e.origin+"的消息："+e.data;        msgbox.appendChild(c);    }}, false);</script>

<div id="msgbox"></div><input type="text" id="msg" /><input type="button" value="发送" id="btn"/><script type="text/javascript">    var msgbox=document.getElementById(‘msgbox‘);    window.addEventListener(‘message‘, function(e){        if (e.origin == ‘http://www.evil.com:8081‘) {            var c=document.createElement(‘div‘);            c.innerHTML="来自"+e.origin+"的消息："+e.data;            msgbox.appendChild(c);        }    }, false);    document.getElementById(‘btn‘).onclick=function(){        var targetOrigin = ‘http://www.evil.com:8081/langtao/‘;        var msg=document.getElementById(‘msg‘).value;        window.top.postMessage(msg, targetOrigin);                var c=document.createElement(‘div‘);        c.innerHTML="你说："+msg;        msgbox.appendChild(c);    }</script>