Enter your name:
Try entering <script>alert(1)</script> as your name. (it won't work!)
.innerHTML no longer runs <script> tags but you can use another payload <img src='x' onerror='alert(1)'>
Why is this different from reflected? This one doesn't use the URL to load the payload. Normally stored payloads will come from Databases but in this example it's in local storage. You can refresh and it will trigger but on a new browser you won't encounter this
If instead of name for your profile on a social media platoform and so everytime someone visited your page it would trigger the payload
For more go to Portswigger