Hey guys,

It's been bugging me a lot lately that I cannot grab the current href location URL of an iframe on a site, with different domains. I understand how SOP is great and secure, but it's still a pain for those who are not trying to cause harm. What is the maximum harm of allowing just the ability to read the current location URL of an iFrame? I am not talking src attribute.

Is there a site that I can see every single thing excluded in iFrames due to Same Origin Policy? as well as things that are permitted?