
From an iframe whose src is an external domain, what methods are available via the "parent" object?


I'm aware of the cross-domain issue with iframes accessing the parent's DOM and vice-versa; however, I found that the iframe can redirect its parent to another location. Take a "parent" page for example:

<!-- http://www.domain1.com -->
<iframe id="some_iframe" src="http://www.domain2.com"></iframe>

And the embedded content:

<!-- http://www.domain2.com -->
<html>
  <head>
    <title>I'm embedded</title>
  </head>
  <body>
    <input type="button" onclick="parent.location = 'http://www.domain3.com';" value="Redirect my parent to another site" />
  </body>
</html>

If the button within the embedded content is clicked, the parent is successfully redirected to a third URL. Obviously the embedded content within the iframe has access to setting its parent's location. However, if I try to call any other methods on parent (e.g., "parent.outerHeight") I get "Unsafe JavaScript attempt to access frame with URL http://www.domain1.com/ from frame with http://www.domain2.com/. Domains, protocols and ports must match." in my JS console.

I'm curious what other methods besides "location", if any, is the embedded content able to call on its parent object. Is there a listing of these public functions? Thanks.


Solution

  • This question is slightly browser-specific. With HTML5, there's a sanctioned way of communicating called postMessage. Here's a link for your review.
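
The postMessage exchange the answer refers to, as an added example that is not part of the original post: the parent page on domain1 accepts a navigation request from the iframe on domain2 only after checking the sender's origin and the requested destination. The message shape `{type, url}`, the function name and both allowlists are assumptions for illustration.

```javascript
// Added example: parent page (http://www.domain1.com) handling messages from
// the iframe at http://www.domain2.com. Message shape and allowlists are
// assumptions, not part of the original post.
const TRUSTED_FRAME_ORIGINS = new Set(['http://www.domain2.com']);
const ALLOWED_REDIRECT_ORIGINS = new Set(['http://www.domain3.com']);

// Evaluate a MessageEvent-like object and return a decision instead of
// acting, so the checks can be exercised outside a browser.
function evaluateFrameMessage(event) {
  // event.origin is filled in by the browser, not by the sending script.
  if (!TRUSTED_FRAME_ORIGINS.has(event.origin)) {
    return { action: 'reject', reason: 'untrusted origin' };
  }
  const msg = event.data;
  if (msg === null || typeof msg !== 'object' ||
      msg.type !== 'navigate' || typeof msg.url !== 'string') {
    return { action: 'reject', reason: 'malformed message' };
  }
  let target;
  try {
    target = new URL(msg.url); // absolute URLs only; relative input throws
  } catch (e) {
    return { action: 'reject', reason: 'invalid url' };
  }
  // javascript: and data: URLs have the opaque origin "null" and fail here.
  if (!ALLOWED_REDIRECT_ORIGINS.has(target.origin)) {
    return { action: 'reject', reason: 'destination not allowed' };
  }
  return { action: 'navigate', url: target.href };
}

// Browser wiring (skipped when no window object exists, e.g. under Node).
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const decision = evaluateFrameMessage(event);
    if (decision.action === 'navigate') window.location.assign(decision.url);
  });
  // Inside the iframe on domain2, the sender names the expected recipient
  // origin as the second argument rather than using '*':
  //   parent.postMessage({ type: 'navigate', url: 'http://www.domain3.com/' },
  //                      'http://www.domain1.com');
}
```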