I am working on an GAS Spreadsheet Add-on and have run into the problem of passing data between modal dialogs and the sidebar due to the cross-origin / same-origin access policy.
I have implemented this solution however my main question is, how secure is this solution? And would it be appropriate to pass sensitive information such as usernames and passwords?
I attempted to use window.postMessage() to explicitly specify the target, and the source on the receiving end, however ran into the same hurdles outlined in this question.
