0.02% of page loads is honestly way more than I would’ve expected. The fact that they would look at that number and see an excuse to remove a feature like this is honestly a gigantic red flag for the way these browsers are being developed. Granted, it’s not that surprising if you’ve been paying attention to the embrace-extend-extinguish march of web technologies towards a walled garden controlled by tech giants, but this is part of the writing on the wall, folks.
Google says it’s removing XSLT to address security vulnerabilities. The underlying library that processes XSLT in Chrome (libxslt) is an aging C/C++ codebase with known memory safety issues. Chrome’s team argues that because only about 0.02% of page loads use XSLT, it’s not worth the maintenance burden.
It’s debatable whether Google, with all its resources, really needs to do this, especially given that 0.02% of all page loads is still quite a lot. But there are certainly times when it’s better to just delete seldom-used old code from your project to lower the maintenance burden and reduce the surface area for attacks.
Big tech has been straining the libxml2 dev who recently got annoyed with them. Instead of helping maintain the libraries they ship on billions of computers, Google is trying to reduce there use.
Surely given the volume of browser usage, 0.02% is still a very substantial amount of usage. Lazy fucks
0.02% of page loads is honestly way more than I would’ve expected. The fact that they would look at that number and see an excuse to remove a feature like this is honestly a gigantic red flag for the way these browsers are being developed. Granted, it’s not that surprising if you’ve been paying attention to the embrace-extend-extinguish march of web technologies towards a walled garden controlled by tech giants, but this is part of the writing on the wall, folks.
I’m not entirely sure what the “maintenance burden” even is on a tech that hasn’t changed in decades.
what burden? I thought burdens don’t exist anymore thanks to the power of LLMs???
From the article:
It’s debatable whether Google, with all its resources, really needs to do this, especially given that 0.02% of all page loads is still quite a lot. But there are certainly times when it’s better to just delete seldom-used old code from your project to lower the maintenance burden and reduce the surface area for attacks.
Big tech has been straining the libxml2 dev who recently got annoyed with them. Instead of helping maintain the libraries they ship on billions of computers, Google is trying to reduce there use.
https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports