OK, there have been a lot of discussions on this topic, but I haven't quite found an answer (see Unsafe JavaScript attempt to access frame in Google Chrome, Unsafe JavaScript attempt to access frame with URL for example).
Here's my situation:
I've got a file called index.html that looks like this:
<frameset>
<frame src="a">
<frame src="b">
</frameset>
Then 'a' looks like this:
<script language='javascript'>document.domain = document.domain</script>
<img src='whatever.jpg' id='foo'/>
And 'b' looks like this:
<script language='javascript'>
<!--
setTimeout(function() {
document.domain=document.domain
document.write('top domain is ' + document.domain)
document.domain = document.domain
top.a.document.images['foo'].src = 'something.jpg'
}, (5 * 1000));
//-->
</script>
So in a nutshell: a is a frame with a single image in it. b is a frame that should automatically change the src attribute of a's image link. But Chrome is unhappy!
(Note that I added the "document.domain=document.domain" lines pursuant to comments below).
(Also, note that the 5 second delay in frame 'b' is necessary to get a valid-looking URL for the call.)
According to the Chrome js debugger, this is causing a "unsafe javascript attempt to access url". Based on the other discussions of this error on Stack Overflow, it's unclear to me if there are any conditions under which I'm allowed to do this. These files (index, a, b) are entirely local on my machine. So there shouldn't be any concerns about them coming from different domains.
Any ideas? Sorry for re-posting, but I've quite found a definitive answer...
