iframes from same domain and cross browser scripting

Say a page served from foo.bar.com/parent.htm contains an iframe that points to bar.com/child.htm.

Can a script located in parent.htm call a function defined in child开发者_开发知识库.htm?

Seems like this should work because parent.htm and child.htm both eminate from the same domain. I am getting an access denied message, but I would like to know why?

Thanks, John

No. Look at Wikipedia, for example: http://en.wikipedia.org/wiki/Same_origin_policy.

To illustrate, the following table gives an overview of typical outcomes for checks against the URL "http://www.example.com/dir/page.html".

http://v2.www.example.com/dir/other.html - Failure - Different host (exact match required)

They are not considered the same domain from the browser's standpoint

This is by design. Hosting services that use subdomains for different clients need to isolate them safely.

Yes, set document.domain = 'bar.com' in both pages and you can then access data cross-frame. This only works on the same domain, e.g. you can't set document.domain to "not-the-current-domain.com"

Or what I usually do:

document.domain = document.domain.replace(/.*?([^\.]+\.[^\.]+)$/, '$1');

which sets document.domain to the current root domain (e.g. strips any sub-domains)