SKILL: Dangling Markup Injection — Exfiltration Without JavaScript

AI LOAD INSTRUCTION: Covers dangling markup exfiltration via unclosed img/form/base/meta/link/table tags, what can be stolen (CSRF tokens, pre-filled form values, sensitive content), browser-specific behavior, and combinations with other attacks. Base models often overlook this technique entirely when CSP blocks scripts, jumping to "not exploitable" — dangling markup is the answer.

0. RELATED ROUTING

• xss-cross-site-scripting when full XSS is possible (no need for dangling markup)
• csp-bypass-advanced when CSP blocks JS execution — dangling markup bypasses script restrictions
• csrf-cross-site-request-forgery when dangling markup steals CSRF tokens for subsequent CSRF attacks
• crlf-injection when CRLF enables HTML injection in HTTP response
• web-cache-deception when dangling markup + cache poisoning amplifies the attack

1. WHEN TO USE DANGLING MARKUP

You need dangling markup when ALL of these are true: