November 30, 2023

A cross-site scripting vulnerability in AMP for Email, Gmail’s dynamic email feature, discovered by the  security researcher that earned him a $5,000 bug bounty.

AMP for Email brings AMP functionality to rich, interactive emails. AMP itself is an open-source HTML framework used to optimize websites for web browsing on mobile.


To circumvent an XSS filter is by tricking it into a different rendering context than what the browser will use to render a given piece of code. Since AMP for Email forbids the likes of templates, SVG, math, and CSS, he instead targeted stylesheets as a potential path to an XSS payload with multiple rendering contexts.

A discrepancy between how the stylesheet is rendered by the filter and browser is required, either by tricking the filter into believing a fake style tag is real, or the exact opposite.

Researcher’s initial vector worked in the sandbox because AMP leaves the CSS context as soon as it encounters the string ‘</style’ even if it doesn’t have a closing bracket (>) or at least a whitespace after it. By which the filter can be tricked into believing we’re back in HTML context, while the browser obviously ignores </styleX> entirely and stays well within the realm of CSS.

A breakthrough came when harnessed a CSS selector, which ensured the payload was returned unchanged by Gmail no escaping or other mutations. The malicious payload prompted an error after the AMP sandbox encountered ‘</style’, so Cohen tried </styl>, but Gmail’s filter was wise to its resemblance to </style>.


This issue was reported to Google on March 27, 2021 and on July 7 that it had been fixed.

This research was documented by researcher Adi Cohen

Leave a Reply

%d bloggers like this: