(wok.oblomov.eu)

418 points akagusu | 1 comments | 17 Nov 25 15:41 UTC | HN request time: 0.193s | source

Show context

nwellnhof ◴[17 Nov 25 16:33 UTC] No.45955183[source]▶

Removing XSLT from browsers was long overdue and I'm saying that as ex-maintainer of libxslt who probably triggered (not caused) this removal. What's more interesting is that Chromium plans to switch to a Rust-based XML parser. Currently, they seem to favor xml-rs which only implements a subset of XML. So apparently, Google is willing to remove standards-compliant XML support as well. This is a lot more concerning.

replies(11): >>45955239 #>>45955425 #>>45955442 #>>45955667 #>>45955747 #>>45955961 #>>45956057 #>>45957011 #>>45957170 #>>45957880 #>>45977574 #

zetafunction ◴[17 Nov 25 17:16 UTC] No.45955667[source]▶

>>45955183 #

https://issues.chromium.org/issues/451401343 tracks work needed in the upstream xml-rs repository, so it seems like the team is working on addressing issues that would affect standards compliance.

Disclaimer: I work on Chrome and have occasionally dabbled in libxml2/libxslt in the past, but I'm not directly involved in any of the current work.

replies(2): >>45955710 #>>45956175 #

Ygg2 ◴[17 Nov 25 17:20 UTC] No.45955710[source]▶

>>45955667 #

Wait. They are going along with a XML parser that supports DOCTYPES? I get XSLT is ancient and full of exploits, but so is DOCTYPE. Literally poster boy for billion laughs attack (among other vectors).

replies(3): >>45955868 #>>45956180 #>>45956321 #

1. mananaysiempre ◴[17 Nov 25 17:35 UTC] No.45955868[source]▶

>>45955710 #

You don't need DOCTYPE for that, you can put an ENTITY declaration straight in your source file ("internal subset") and the XML spec it needs to be processed. (I seem to recall someone saying that Adobe tools are fond of putting those in their exported SVG files.)

↑

Google is killing the open web, part 2