RUSTSEC-2021-0074: 
Rust vulnerability analysis and mitigation

A security vulnerability (RUSTSEC-2021-0074) was discovered in the ammonia crate versions before 3.1.0 for Rust. The vulnerability relates to Cross-Site Scripting (XSS) that can occur due to mishandling of parsing differences between HTML, SVG, and MathML namespaces, similar to CVE-2020-26870 (NVD).

The vulnerability stems from incorrect handling of namespace switching in HTML parsing. Specifically, when certain tags (like iframe, title, textarea, xmp, noembed, noframes, plaintext, noscript, style, script) are allowed and used within different namespaces (HTML vs SVG/MathML), the parsing behavior differs. In HTML namespace, these tags are parsed in RCDATA state and can only contain text nodes, while in SVG/MathML namespaces, they can have child elements. This difference in parsing behavior, combined with Ammonia's cleanup process losing namespace information, could lead to XSS (GitHub PR).

The vulnerability could allow attackers to execute cross-site scripting (XSS) attacks by exploiting the parsing differences between HTML and foreign content namespaces (SVG/MathML). This could potentially lead to unauthorized script execution in the context of the victim's browser (NVD).

The issue was fixed in ammonia version 3.1.0 by implementing checks for unexpected namespace switches after cleanup. Elements that change namespace at unexpected points are now removed. Users should upgrade to version 3.1.0 or later to address this vulnerability (GitHub PR).