Not completely true - the attacker cannot exfiltrate the token, but they can still make malicious requests right there in the victim's browser via XSS.