Should we remove XSLT from the web platform?


What is the issue with the HTML Standard? XSLT v1.0, which all browsers adhere to, was standardized in 1999. In the meantime, XSLT has evolved to v2.0 and v3.0, adding features, and growing apart f...

This lack of advancement, coupled with the rise of JavaScript libraries and frameworks that offer more flexible and powerful DOM manipulation, has led to a significant decline in the use of client-side XSLT. Because client-side XSLT is now a niche, rarely used feature, the libraries that implement it receive far less maintenance and security scrutiny than core JavaScript engines, yet they represent a direct, potent attack surface for processing untrusted web content. Indeed, XSLT is the source of several recent high-profile security exploits that continue to put browser users at risk.


Related news:

XSLT: A Precision Tool for the Future of Structured Transformation

XSLT – Native, zero-config build system for the Web

Xee: A Modern XPath and XSLT Engine in Rust