This example dynamically creates an iframe and assigns a function to its window object's onload event handler.
This typically works in only Internet Explorer and Firefox so long as the iframe just loads a local resource. The problem is that I've changed document.domain to be "nczonline.net", which makes the page a member of nczonline.net while the iframe is a member of www.nczonline.net. This difference causes a security issue and the assignment to onload fails.
Back to the blog post