Javascript iFrame Limitations

I know that, for security reasons, javascript can't read the contents of an iframe if it belongs to a different domain. This makes sense, given that the entire page could be an iframe w开发者_StackOverflow中文版ith snooping scripts outside of the frame.

The question is - are there equal limitations in the other direction? Can javascript within an iframe (from a different domain) read and manipulate the dom in its parent window?

Thanks!

You can't.
This would be a security hole. Now that everyone is crazy adding facebook iframes to their sites, imagine if javascript from FB could interact with your page ;)
Anyway, i set up a small example, and got the same origin warning when i tried to get a parent's div from inside the iframe (which was in another domain)

If you want to use this in a two domains that you own (not trying to attack anyone) you can do that using ajax as described Here.