I found there is a strange thing about the youtube javascript api.The javascript api actually requests the player inside the iframe to do something. How can the api ignore the same origin policy? I have no idea about how it works.
What you're looking for is HTML5's postMessage feature. It allows for sending data messages between two windows/frames across domains, currently supported on all major browsers. See this demo for an example (open the console to see messages getting passed).