WebKit suffers from a cross site scripting vulnerability via a focus event and a link element.