michael@0: document.open();
michael@0: document.write("This is insecure XSS script " + document.cookie);
michael@0: isSecurityState("broken", "security broken after document write from unsecure script");
michael@0: finish();