Breaking out of iFrames on another website / Domain

They have: 426 posts

Joined: Feb 2005

I work in the ad industry and at the moment businesses are popping up with ad verification software that is supposed to police where the advertisers ads are being placed.
Part of this is recording URLS. They claim that they can burst out of an iFrame and record the websites URL?
Is this actually possible and if so, how could they do this unless the website had a file on the server.

Browsers have security built in and do not allow cross site scripting which is what this essentially would be.