**tl;dr**

+ XSS + HTML sanitization library [(ammonia)](https://github.com/rust-ammonia/ammonia/tree/master) bypass
+ Namespace confusion in ammonia using custom allowed extra tags(math & style)
```
<math><annotation-xml encoding="text/html"><style></style></annotation-xml></math>
```

Original writeup (https://blog.bi0s.in/2023/10/16/Web/awesomenotes-2-HackluCTF2023/).