Let's say if I do an iframe... is it possible to show the current location (current URL) of that iframe on the parent page if it has navigated outside of my domain? (that is... if i iframe and set the src to www.mywebsite.com, it seems that i can show the current URL of that iframe as long as the user is navigating within mywebsite.com. Once the user navigate outside of it, then i cannot show the iframe's current location using document.getElementById("an_iframe").contentWindow.location or document.getElementById("an_iframe").contentWindow.location.href hm... that's a bit strange, because it is just a URL.... and if i navigate in the main browser window, the URL is always visible in the browser's address bar, so why is there any security issue about it?)
I kind of understand your point, but I think it's better that the browsers deny access to the other domain's window object completely, rather than pick and choose certain things (that's the kind of thing that leads to security holes).