Recently, I was working on an application using comet. To get around some issues opening multiple connections in older browsers (ahem, IE6), we injected an iframe using another domain into the page that hosted the application, which allowed more persistant connections.

The parent held details about the chat (username, other people online, etc.), which needed to be passed to the child. The trouble was, the child couldn't access properties of the object sent from parent, due to access restrictions - It would throw a "Permission denied to access property object" error in FireFox. This didn't matter if I sent in the object as a parameter in a method, or tried cloning the object - nothing worked. I could see the object, I could log the object, but I couldn't access any properties

After several attempts to get around this, I fell upon an easy and elegant solution: since I could access the object, just not its properties, I would encode the object as a JSON string and parse it on the client. Using
Douglas Crockford's json2.js, when sending the parent objects I encoded them as JSON using JSON.stringify(object). On the child, I did a JSON.parse(object) - and I had a fresh new copy of everything to work with. I could access everything with no trouble, as it's now an entirely new object.