I'm not sure if this is already well-known nor whether it is harmless or not.
[1] http://my.opera.com/hallvors/blog/2010/07/13/ebay-versus-security-policy-consistency
[2] http://sloth.whyi.org/~jl/cross-domain.html
Following some discussion of [1], it was pointed out to me that it is
possible to make two pages on separate subdomains communicate without
either setting their document.domain by proxing the communication
through pages that have set their document.domain. There is a demo of
this at [2].
- [whatwg] Communicating between different-origin frames James Graham
