That is not cross-site scripting. What you're describing is called cross-site request forgery (confusing, I know).
forever.b0rked explains what I tried to rhetorically ask Eraserhead
Sorry, I was busy so didn't respond, basically some pages don't display properly in Safari with the error in the web inspector of the following:
Unsafe Javascript attempt to access http://www.somewebsite.com from frame with URL http://blahblah.somewebsite.com domains, protocols and ports must match