Comment by ummonk
3 months ago
If it's a security issue, shouldn't the browsers just replace C++ code with the JS or WASM polyfill themselves?
3 months ago
If it's a security issue, shouldn't the browsers just replace C++ code with the JS or WASM polyfill themselves?
I also wondered about that. They probably don't want to do that because of maintaining, fixing and allocating resources to it then.
Probably a browser extension on the user side can do the same job if an XSLT relying page cannot be updated.
This seems like the kind of thing that won't require any resources to maintain, other than possible bugfixes (which 3rd parties can provide). It only requires parsing and DOM manipulation, so it doesn't really require any features of JS or WASM that would be deprecated in the future, and the XSLT standard that is supported by browsers is frozen - they won't ever have to dedicate resources to adding any additional features.
That is an interesting approach, you could suggest it? In general using JS to implement web APIs is very difficult, but using WASM might work especially for the way XSLTProcessor works today.