Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit
in Apple Safari before 4.0 allows user-assisted remote attackers to
inject arbitrary web script or HTML, and read local files, via
vectors related to script execution with incorrect privileges.
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.