Properly render sublists

[philippederyck]

Section 5.1.2 contains a sublist, but it is not rendered properly

### Persistent Token Theft {#payload-persistent-theft}

This attack scenario is a more advanced variation on the Single-Execution Token Theft scenario ({{payload-single-theft}}). Instead of immediately stealing tokens upon the execution of the malicious payload, the attacker sets up the necessary handlers to steal the application's tokens on a continuous basis. This scenario consists of the following steps:

- Execute malicious JS code
- Setup a continuous token theft mechanism (e.g., on a 10-second time interval)
      - Obtain tokens from the application's preferred storage mechanism (See {{token-storage}})
      - Send the tokens to a server controlled by the attacker
      - Store the tokens
- Wait until the opportune moment to abuse the latest version of the stolen tokens

The crucial difference in this scenario is that the attacker always has access to the latest tokens used by the application. This slight variation in the payload already suffices to counter typical defenses against token theft, such as short lifetimes or refresh token rotation.

For access tokens, the attacker now obtains the latest acce

[philippederyck]

@aaronpk I don't know where to find an updated draft from #45, so I cannot check if this now renders correctly. It should though ...

[aaronpk]

Yep looks good now