I made sure the "Navigate sub-frames across different domains" was enabled for all my zones
The scenario is of two different web servers. The parent frame (html
> page orginates from server 1) has script like
> alert('parent invoked');
> Inside child frame (html orginates from server 2) the html refers to
> parent script like
If you somehow manage to get this to work, please report it to browser
developers so they could patch it because it would be a security hole.
Essentially, you're attempting to perform cross-site scripting, basics
of cross-site scripting attack, one of more dangerous ones.
If both pages come from the same parent
domain, and both of them set he property document.domain to the same parent domain
, scripts running in either frame will be allowed to talk to each other. For example, say the page http://www.example.com/ loads the page http://ajax.example.com/ in an iframe. Since both pages are in the domain example.com, if both set document.domain to “example.com” they will be be given the ability to programatically access each other’s data.
Finally I carefully read MSDN About Cross-Frame Scripting and Security
article and understood, that you can SET window
in the DHTML, but you can't call JS function from other Frame, even if it does the same window