https://piergst.github.io/posts/Recent content in Posts on Pierre GiustiHugoen-USFri, 24 Apr 2026 11:11:59 +0200https://piergst.github.io/posts/portswigger-lab-html-parsing-dive/Fri, 24 Apr 2026 11:11:59 +0200https://piergst.github.io/posts/portswigger-lab-html-parsing-dive/A PortSwigger lab on dangling markup injection got me wondering what actually happens between the raw HTML a server sends and what a browser displays. This article traces that journey, from a /login that vanished from the DOM to the HTML tokenizer state machine, tree construction, and DOMPurify sanitization. Less of a write-up, more of an exploration of HTML parsing mechanics.