TL;DR: Eight canonical XSW variants that move the signed element so the parser validates one assertion and consumes another.
Stub — to be filled in.
What it is
TODO
Preconditions / where it applies
TODO
Technique
TODO
Detection and defence
TODO
References