This is a feature in IE7 - cross-domain access is completely disabled

for newer versions of IEs, if u decided to set document.domain in one of the pages, u will have to do the same for all the other pages u wish to communicate from/to the page.

Hi, I'm facing the same issue. Did you find any solution ?

http://msdn.microsoft.com/en-us/library/ms533028(VS.85).aspx fyi~

Apparently, once you set document.domain you have to wait until any child iframes are loaded until you can communicate with them.

I've run into the same issue, and I got around it this way... Rather than writing content to the iframe, just leave it empty and set the target of the form to the iframe. I can confirm that this works in IE 6/7, Firefox 2/3, Safari 3, and Opera 9. It's a bit tricky because IE 6/7 won't let you add the "name" attribute to the frame with JavaScript (and you need it in order to target it). In truth, you can add it, but you have to do it when you initially create the iframe element (this is the same bug that input elements have). More details here: http://terminalapp.net/submitting-a-form-with-target-set-to-a-script-generated-iframe-on-ie/

I noticed recently that this is a race condition. The new iframe (or window) doesn't have its document.domain set prior to when the permission denied error occurs. I was able to work around this by using setInterval to retry until the error no longer occurs. For example, here's some code to create the iframe and retry accessing inside it until it works:

  <script>
    document.domain = 'adp.com';
    var iframe = document.createElement("iframe");
    iframe.src = 'http://test.adp.com/newIframe.html';
    document.body.appendChild(iframe);
  
    var timer = setInterval(resumeCode, 100);
  
    function resumeCode()
    {
      if(iframe.contentWindow.okToResumeParent)      {
        clearInterval(timer);
        alert("iframe document body content is: " + iframe.contentWindow.document.body.innerHTML);
      }
    }
  </script>

And here's the HTML inside the iframe:
<html>
<head>
  <script>
    document.domain='adp.com';
    var okToResumeParent = true;
  </script>
</head>
<html>
<body>
  This is the body content of the new iframe.
</body>
</html>

There are a couple workarounds.
As mentioned above, this is a race conditions. While the iframe is being created and loaded, the document.domain is not explicitly set, so any parent document that does have it explicitly set will not be able to communicate with it immediately.
The workaround I use the most often is to point the iframe (or frame, or window) src to a "blank" html page that includes the setting of the document.domain value, plus a callback call to top.parent.loadContent() where the parent (whoever created the iframe) has dfined loadContent() and that function reaches into the iframe to access or overwrite it with whatever it wants.
The other workaround is a variation on that mentioned above, to create a setInterval loop that keeps checking to see if the frame is loaded. There is a cross browser hack that'll let you detect if the iframe/frame/window is loaded without reaching into it that looks like this.
document.domain = "my.domain"; // this is where the problem starts in IE
var iframe_loaded = false;
function createIframe() {
var myframe = ... create iframe object here
myframe.src = "URL to empty html page with document.domain set properly";
// We have to detect when the empty frame content has loaded
// Following 5 lines are cross browser compatible.
if (myframe.attachEvent) {
myframe.attachEvent("onload", function() {iframeFinish()});
} else {
myframe.onload = function() {iframeFinish()};
}
}
// New method added to HTMLEditor class to set iframe_loaded state
function iframeFinish() {
iframe_loaded = true;
}

Now after you call createIframe() start a setInterval loop that looks for iframe_loaded to be true, before proceeding to the next step that needs to reach into the iframe for some value, or to change its contents.
If you change the iframe's contents, be sure to set the document.domain *every* time or you'll lose contact with it again.