The same origin security policy of browsers - Client side communication

What is the policy?

It is a defective security mechanism that constrains components such as objects 
and pages on a browser to access only others components loaded from the same server.

You might say, "I can easily load iframes from different domain by initially signing
their src or dynamically modifying their location.href. Then what problem I have?"
Well, see the answer from the demo below: the iframes loaded from different domains
can NOT "see or talk to" each other;)

What is this demo?

This demo shows a page contains two iframes loaded from different domains:
 - the parent/top frame, say A,  (frame contian this text) is loaded from
 - the left iframe, say B,  is loaded from too
 - the right iframe, say C,  is loaded from

There are buttons where you can make calls to functions reside in other frames.
As you can see, on calls possible are calls between A and B since A and B are 
loaded from the same domain. 

So C is a "dead zone" where you can only be load but can't communicate with the rest of 
the screen and vis versa.

Compatibility: IE (6.x, 7.x), FireFox (, Mozilla/Netscape(7.2), Opera(9.0)
                      were fully tested and worked in XP (v2002. sp2).

This is the parent frame A (loaded from