
RustSec flags ammonia XSS flaw in MathML sanitization handling

Am I exposed if I use ammonia? Only if MathML is enabled with annotation-xml and encoding stripped, RustSec said.

Jamie Taylor
Source: checkmarx.com

Am I exposed if I use ammonia? Only if your sanitizer explicitly enables MathML’s math and annotation-xml tags, and leaves the encoding attribute disabled, because RustSec’s RUSTSEC-2026-0193 shows that exact setup can be turned into a mutation XSS that injects arbitrary JavaScript into a browser.

The advisory, published June 30, 2026, describes the flaw as a format-injection and XSS issue in ammonia’s handling of MathML’s annotation-xml integration point. The database entry itself is dated June 29, and the vulnerability was traced by ivan0912 through local differential analysis and source review of ammonia’s sanitization pipeline.


For Rust applications, the practical question is not whether ammonia is broken in the abstract, but whether a deployment ever opted into the narrow configuration that makes the bug reachable. The advisory says the attack only works when math and annotation-xml are both allowed and encoding is disabled, because the sanitized output can be reinterpreted by the browser after attribute stripping and namespace-sensitive parsing. That means the risk sits with web-facing Rust services that deliberately preserve MathML in user content, not with the broader set of ammonia users that never enabled those tags.

The good news is that the blast radius stays small if your configuration never allowed the raw-text tags involved in the bypass. RustSec lists title, textarea, xmp, iframe, noembed, noframes, plaintext, noscript, style, and script as tags that are not allowed by default, and says the issue does not affect applications that do not explicitly permit them. The patched releases are 4.1.3, 4.0.2, and 3.3.2, depending on branch.

This was not an isolated namespace oddity. In September 2025, GitHub’s advisory database recorded GHSA-mm7x-qfjj-5g2c for a related ammonia mutation XSS involving embedded SVG and MathML, with fixes in 4.1.2, 4.0.1, and 3.3.1. RustSec also carried the matching RUSTSEC-2025-0071 entry, and the new advisory fits the same pattern: browser parsing rules, not Rust’s memory model, define the danger zone.

Ammonia describes itself as a whitelist-based HTML sanitization library that uses html5ever to parse and serialize fragments the way browsers do. That design is exactly why MathML edge cases matter so much here. If your app never enabled the specific MathML path, the answer to “am I exposed?” stays no; if it did, this is the kind of sanitizer bug that deserves a branch-level upgrade before the next user-generated payload reaches the browser.
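As an added example (not code from ammonia, RustSec or the article), the exposure conditions quoted above can be turned into a self-check a service owner runs against its pinned ammonia version and its own sanitizer policy. The `SanitizerPolicy` struct is a hypothetical stand-in for whatever a real `Builder` enables; the per-branch fix levels and the raw-text tag list are the ones the article reports from the advisory.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical model of a sanitizer policy: allowed tags plus allowed
// attributes per tag. It stands in for whatever your ammonia Builder enables.
pub struct SanitizerPolicy {
    pub tags: HashSet<&'static str>,
    pub tag_attributes: HashMap<&'static str, HashSet<&'static str>>,
}

// Fixed releases named in the advisory: (major, minor) branch -> first patched patch level.
const PATCHED: &[((u64, u64), u64)] = &[((4, 1), 3), ((4, 0), 2), ((3, 3), 2)];

// Raw-text tags the advisory lists as not allowed by default.
const RAW_TEXT_TAGS: &[&str] = &["title", "textarea", "xmp", "iframe", "noembed",
    "noframes", "plaintext", "noscript", "style", "script"];

fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.trim().trim_start_matches('v').splitn(3, '.');
    let major: u64 = parts.next()?.parse().ok()?;
    let minor: u64 = parts.next()?.parse().ok()?;
    // Tolerate suffixes such as "3.3.2-alpha" by reading only the leading digits.
    let patch_digits: String = parts.next()?.chars().take_while(|c| c.is_ascii_digit()).collect();
    Some((major, minor, patch_digits.parse().ok()?))
}

/// Some(true) if the version sits on a listed branch at or above its fix, Some(false)
/// if below it, None when the branch is not one the advisory names (check manually).
pub fn version_is_patched(version: &str) -> Option<bool> {
    let (maj, min, pat) = parse_version(version)?;
    PATCHED.iter().find(|entry| entry.0 == (maj, min)).map(|entry| pat >= entry.1)
}

/// The configuration the advisory describes as reachable: `math` and
/// `annotation-xml` both allowed while the `encoding` attribute is not.
pub fn mathml_path_enabled(p: &SanitizerPolicy) -> bool {
    let both_tags = p.tags.contains("math") && p.tags.contains("annotation-xml");
    let encoding_kept = p.tag_attributes.get("annotation-xml").map_or(false, |a| a.contains("encoding"));
    both_tags && !encoding_kept
}

/// Raw-text tags that a policy explicitly added on top of the defaults.
pub fn raw_text_tags_enabled(p: &SanitizerPolicy) -> Vec<&'static str> {
    RAW_TEXT_TAGS.iter().copied().filter(|t| p.tags.contains(t)).collect()
}

/// An upgrade is needed when the reachable MathML configuration is on and the
/// version is not confirmed patched (an unlisted branch counts as unconfirmed).
pub fn needs_upgrade(version: &str, p: &SanitizerPolicy) -> bool {
    mathml_path_enabled(p) && version_is_patched(version) != Some(true)
}
```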

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.
