Clicking the button below instructs the application to perform an operation based on the secret it has stored. In this example, we simply calculate the hash of the secret. Imagine this to be more elaborate application functionality that relies on the secret.
Clicking the button below calls a JavaScript function provided by a third-party library. This library is hosted on a CDN and has been compromised by the attacker. Calling the function therefore also runs the attacker's malicious code, which is harmless in this demo.
This scenario illustrates a pattern of storing data in the browser. For more context, please refer to the security cheat sheet on Secure data storage in the browser.