As libxml2 enters maintenance limbo, xmloxide emerges as a memory-safe, high-performance Rust implementation that aims to become the new standard for XML/HTML processing in the open-source ecosystem.
The XML parsing landscape is undergoing a significant transformation with the emergence of xmloxide, a pure Rust reimplementation of libxml2, the long-standing de facto standard XML/HTML parsing library. With libxml2 becoming officially unmaintained in December 2025 amid known security vulnerabilities, xmloxide positions itself as a timely alternative that combines memory safety with competitive performance.
The project's ambition is clear: to not merely replicate libxml2's functionality but to improve upon it while maintaining full compatibility. xmloxide achieves a 100% pass rate on both the libxml2 compatibility suite (119/119 tests) and the W3C XML Conformance Test Suite (1727/1727 applicable tests), demonstrating its commitment to being a drop-in replacement.
What makes xmloxide particularly noteworthy is its approach to safety. The library employs an arena-based tree structure with zero unsafe code in its public API, addressing one of libxml2's most significant drawbacks. In an era where memory safety vulnerabilities continue to plague critical infrastructure, this design choice represents a significant step forward for XML processing.
Performance benchmarks reveal xmloxide's competitive advantage. While parsing throughput remains within 3-4% of libxml2 for most documents, it shows a 12% improvement on SVG files. More impressively, serialization is 1.5-2.4x faster, and XPath operations are 1.1-2.7x faster across all benchmarks. These improvements stem from several key optimizations, including arena-based tree design, byte-level pre-checks for character validation, and specialized fast paths for common operations.
The project's comprehensive feature set further strengthens its position as a libxml2 successor. Beyond standard XML parsing, xmloxide supports error recovery for malformed documents, multiple parsing APIs (DOM, SAX2, XmlReader), HTML parsing with error tolerance, XPath 1.0, various validation methods (DTD, RelaxNG, XSD), and even includes a xmllint-compatible CLI tool. This breadth of functionality ensures that xmloxide can serve as a complete replacement for most libxml2 use cases.
For organizations with existing C/C++ codebases, xmloxide offers a C-compatible FFI layer, enabling gradual migration without immediate full rewrites. The library's thread-safe design—each Document is self-contained with no global state—also addresses a common pain point with libxml2 in multi-threaded applications.
However, xmloxide is not without limitations. The project currently implements only XML 1.0 (not the rarely used XML 1.1), lacks XSLT support, and its HTML parser targets HTML 4.01 rather than the modern HTML5 parsing algorithm. Additionally, the push/incremental parser API buffers all data internally rather than providing true streaming capabilities, which may impact memory usage for extremely large documents.
The Rust community's reception has been largely positive, with many developers expressing relief at the prospect of a memory-safe XML parser. "Having a drop-in replacement for libxml2 that's written in Rust is a significant win for ecosystem security," noted one developer on social media. Others have highlighted the performance benefits as particularly compelling for data-intensive applications.
Yet some skeptics question whether xmloxide can truly achieve widespread adoption. "The XML ecosystem is incredibly conservative," observed a long-time maintainer of XML-related tools. "Libxml2 has been the standard for decades, and convincing projects to switch—even a superior alternative—will be an uphill battle."
The project's GitHub repository has already attracted contributions from multiple developers, suggesting growing community interest. The inclusion of comprehensive fuzzing targets also demonstrates a commitment to security that goes beyond what many established libraries provide.
For organizations evaluating xmloxide, the migration path appears straightforward. The project provides detailed documentation for transitioning from libxml2, with clear mappings between the old and new APIs. The fact that xmloxide maintains compatibility with the xmllint CLI tool further reduces migration friction.
As the open-source community continues to prioritize memory safety and performance, xmloxide represents a compelling case study in how modern languages can reimplement critical infrastructure components with tangible benefits. Whether it will successfully supplant libxml2 remains to be seen, but its technical merits and comprehensive feature set position it as a serious contender in the XML processing space.
The project is available on GitHub with detailed documentation and examples for potential adopters. With libxml2's uncertain future, xmloxide may well emerge as the new standard for XML processing in the coming years.
Comments
Please log in or register to join the discussion