Hi,
No. There is no direct way around this. You either have it on or off. If setting WebSecurity off is not acceptable to you, then you have to leave it on. If you can modify the page's JavaScript code, you can use your JavaScript code to call into your .NET code, then pass whatever you want to pass to the iframe through your .NET code. This way there would be no directly call between iframes from JavaScript point of view, thus bypassing the same origin policy.
If you do use this approach, make sure you do NOT do it synchronously. For example, the following code flow will cause problem for you:
1. JavaScript code in frame1 calls .NET code (through JavaScript extension. See the following link for details):
https://www.essentialobjects.com/doc/webbrowser/advanced/jsext.aspx2. Inside your JavaScript extension function (on .NET side) you call EvalScript on frame2;
This is not allowed because step 2 would cause the JavaScript engine to be re-entered (which is not allowed) before the extension function in step 1 returns. In order to avoid re-entering, you must do step 2 asynchronously. A common way to do so is to use BeginInvoke to call the target code instead of calling the target code directly. BeginInvoke is available both in Windows Forms (through Control class) and WPF (through Dispatcher class).
Hope this helps. Please let us know if you still have any questions.
Thanks