
Commit 87238e8

Fix formatting of alternate subresources section
1 parent 02e6460 commit 87238e8

File tree

1 file changed

+2
-2
lines changed


src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md

Lines changed: 2 additions & 2 deletions
@@ -131,7 +131,7 @@ Tips to build the oracle
131131
- Inflate headers: repeat cookie bombing until a consistent error is observed on the “heavy” path. Servers commonly cap header size and will fail sooner when many cookies are present.
132132
- Stabilize: fire multiple parallel cookie set operations and probe repeatedly to average out timing and caching noise.
133133
- Bust caches and avoid pooling artifacts: add a random `#fragment` or `?r=` to probe URLs, and prefer distinct window names when using window.open loops.
134-
- Alternate subresources: if <script> is filtered, try <link rel=stylesheet> or <img>. The onload/onerror boolean is the oracle; content never needs to be parsed.
134+
- Alternate subresources: if `<script>` is filtered, try `<link rel=stylesheet>` or `<img>`. The onload/onerror boolean is the oracle; content never needs to be parsed.
135135

136136
Common header/URL limits (useful thresholds)
137137
- Reverse proxies/CDNs and servers enforce different caps. As of October 2025, Cloudflare documents 128 KB total for request headers (and 16 KB URL) on the edge, so you may need more/larger cookies when targets sit behind it. Other stacks (e.g., Apache via LimitRequestFieldSize) are often closer to ~8 KB per header line and will hit errors earlier. Adjust bomb size accordingly. [Cloudflare docs show the 128 KB header limit.]
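Review bot: the backtick wrapping of `<script>`, `<link rel=stylesheet>` and `<img>` on the changed line is the right fix, since without it a Markdown renderer treats those as raw HTML tags and the element names vanish from the rendered bullet; for consistency with the same bullet list, `window.open` in the "Bust caches" item above should get the same treatment (`#fragment` and `?r=` there already do). Separately, the context line in this hunk ends with "[Cloudflare docs show the 128 KB header limit.]", which reads as an editorial note left in the body text; the same source is already cited in the Notes list further down, so that bracketed sentence could be dropped or turned into an inline reference to that entry.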
@@ -166,4 +166,4 @@ Notes
166166
- MDN: 431 Request Header Fields Too Large (common with many cookies): https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/431
167167
- LA CTF 2024 writeup note showing a de Bruijn cookie-bomb oracle: https://gist.github.com/arkark/5787676037003362131f30ca7c753627
168168
- Cloudflare edge limits (URLs 16 KB, request headers 128 KB): https://developers.cloudflare.com/fundamentals/reference/connection-limits/
169-
{{#include ../../banners/hacktricks-training.md}}
169+
{{#include ../../banners/hacktricks-training.md}}
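Review bot: the removed and added `{{#include ../../banners/hacktricks-training.md}}` lines are character-for-character identical as rendered, so this hunk is a whitespace-only change (most likely a trailing newline or trailing space at end of file); that is fine to land, but it is not covered by the commit message "Fix formatting of alternate subresources section", so either mention the EOF/whitespace fix there or keep such changes in a separate commit so reviewers are not left guessing what changed.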
