I set out to write a short tutorial about cross domain ajax calls and communication between iframes using url hashes (fragments), but I found this great tutorial by Michael Mahemoff covering the subject inside and out.
It is important to note that the code on his demo uses
window.location.hash, although it seems this practice should currently be avoided because of a known open bugs in the way Firefox URI-decodes document.location.hash when getting its value (could be considered an expected behavior and not a bug, but still different than any other browser). Facebook’s code uses substring on
pathname, and it seems to work cross browser. Facebook also have on their wiki a nice visual explanation of how it works:
Until the HTML 5 postMessage is widely adopted, we will have to keep using this somewhat of a hack, but it works, that’s what’s important.