"Access is denied" when script tries to access iframe in IE8

Question

I am "lazy loading" a 3rd party ad script on my website by overwriting the document.write function and restoring it at a later time. This ad script creates an iframe, and tries to write to it.

I am seeing an "Access is denied" error in Internet Explorer 8 (but not in FF, Safari, or Chrome) when the script tries to access frame.document. The frame exists (I can see it in IE8 Developer Tools)

Any idea why this is happening? Could it be because the iframe is not ready or because of cross-site security restrictions (which I don't fully understand)?

Answer 1

Just a shot in the dark here without seeing your code, but check to see if you have document.domain explicitly set on your page. If you are setting the domain of the document, trying to access a dynamically injected iFrame can throw access errors in IE. For example, if the following is set try commenting it out just to test:

//document.domain = "mydomain.com";

Answer 2

It depends on the context from which you're trying to access frame.document.

For example, say you load up your page on foo.com. It in turn loads up an ad running on ad.com in a frame called "myFrame".

If, in a script block on foo.com, you try to access myFrame.document, you're going to get a complaint, since the pages don't live on the same domain. You can reference the document from inside the iframe, but not outside.

That's the basics of cross-site security. If you can give us more info on the snippet that's actually causing the problem, and on which domain the various pieces are running, we might be able to help more.