JavaScript's same origin policy will cause access denied or similar error messages to appear if the document loaded into the iframe is from another domain. See more information on the subject.
HTML5 introduces cross-document messaging using postMessage which is designed to enable documents from separate domains to communicate with each other while still providing protection from cross-site scripting attacks.
The window.postMessage method is supported by Internet Explorer 8+, Firefox 3+, Opera 10, Safari and Chrome. Find more information and examples at Mozilla Developer Network and WHATWG.