Cross-domain

Cross-domain security woes. About Cross-Frame Scripting and Security. With Dynamic HTML (DHTML), content in different windows and frames can interact in powerful ways by scripting with the object model.

About Cross-Frame Scripting and Security

However, since a browser can simultaneously display unrelated documents in its various windows and frames, certain rules must be enforced to protect data integrity and privacy of information. Scripts that attempt to access parts of the object model to which they do not have access are blocked with a "permission denied" error. While domain security can prevent certain types of content interaction, it is important to understand that this restriction is necessary to ensure security.

For example, without domain security, a rogue page could "snoop" on another page or, using DHTML, manipulate its content.

X-FRAME-OPTIONS

Cross-Domain Communication with IFrames. An update in the era of HTML5 (May 6, 2011): This post has been heavily commented and linked to over the years, and continues to receive a ton of traffic, so I should make it clear that much of this is no longer relevant for modern browsers.

Cross-Domain Communication with IFrames

On the one hand, they have adjusted and tightened up their security policies, making some of the techniques here no longer relevant. On the other hand, they have introduced technologies that make it easier to do cross-domain communication in the first place.