Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why not just write an XSLT implementation in JS/WASM, or compile the existing one to WASM? This is the same approach that Firefox uses for PDFs and Ruffle for Flash. That way it is still supported by the browser and sandboxed.




This already exists, and I agree that it's the best solution here, but for some reason this was rejected by the Chrome developers. I discussed this solution a little more elsewhere in the thread [0].

[0]: https://news.ycombinator.com/item?id=45874461

reply


Very interesting, thanks.

One point from one of the linked threads I find particularly puzzling:

> I think the issue with XSLT isn't necessarily the size of the attack surface, it's the lack of attention and usage.

> I.e. nearly 100% of sites use JS, while 1/10000 of those use XSLT. So all of the engineering energy (rightfully) goes to JS, not XSLT.

XSLT is a finished standard. Not everything needs to evolve. If the implementation works and is safe, what speaks against keeping it?

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: