HTML injection / content spoofing TL;DR: Attacker-controlled HTML rendered without script execution — still phishes, deceives, leaks via dangling markup. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://portswigger.net/web-security/cross-site-scripting/dangling-markup