test by embedding malicious .js file which bypasses SOP and steal local sensitive info