Does anybody have a link to either a theoretical discussion or general issues surrounding the fact that an iframe busting technique like this works (from within an iframe):

if (window.top !== window.self) { setTimeout(function(){document.body.innerHTML='';},1);window.self.onload=function(evt){document.body.innerHTML='';};}

But this does not:

var1 = window.top.href;
document.write(var1);

Are operators allowed but getting variables outside scope not? I'm trying to do a few things. One is to grab the HTML outside of a cross domain iframe, the other is to prevent that grabbing, and the third is to prevent the framebusting technique mentioned above from outside the iframe.

This article is interesting so far:

http://coderrr.wordpress.com/2009/02/13/preventing-frame-busting-and-click-jacking-ui-redressing/

well I'm not an expert on the subject, but the frame control options are definitely limited when crossdomain. I guess getting the href could be potentially harmful because of sessions and whatnot. If a "href" even exists