that is part of the security model. There are plenty of examples of this on 
the we, do a quick search in google and you should find some.

At 00:37 27/11/01 +0000, you wrote:
>Hi, I am trying to write a "remove frame" script.
>
>Error is "permission denied"
>
>The script works when all the frame locations are under the parent
>domain but fail when it is an external site.
>
>Here is my script
>
>function removeFrame() {
>parent.top.location.href = parent.body.location.href;
>}
>
>Now if Parent is 'http://www.spilledink.com" and Body is
>"spilledink.com/somefile.html" it works. If  Body is
>"http://www.yahoo.com" or some other domain, I get a permission
>denied. What is puzzling is that I can switch the frames with a
>javascript pull down menu with out error. Same URLs and same
>code. So weird.