iframe to parent communication: parent.function vs postmessage

Question

I am trying to send an object from an iframe to the parent site it is hosted on. I've found

Html5 - Cross Browser Iframe postmessage - child to parent?

and

Calling a parent window function from an iframe

I was able to get this to work in all browsers (postmessage didn't work in IE)

var data = {'iframedata': true, 'message':'object received from iframe'};
function sendDataToParent(){
    parent.receiveData(data);
}

All the posts I'm seeing say that parent.postmessage is the secure way to send data between windows in html5, so is calling a parent function and passing in a parameter as I am not secure?

Answer 1

calling a function won't work if your iframe is in a different domain from the hosting page (parent).