scrolling an iframe from the parent window and access denied

scrolling an iframe from the parent window and access denied

Given that a user can manually scroll the content of an iframe regardless of the domain of the page loaded within it, why, when using something like the scrollTo plugin or .animate() to scroll an iframe, do browers give an "access denied" error (or fail silently) when the domain of page loaded in the iframe is different to the domain of the page executing the javascript (and containing the iframe).

I understand there are some limitations in accessing cross-domain iframe content, but this specific case doesn't make sense to me; what is the security risk?  Any user can do it manually, so why can't javascript?  

I'm missing something obvious, but what?

Colin J

    • Topic Participants

    • colin