Comment by chuckadams
11 hours ago
The issue in question is just one of the several long-unfixed vulnerabilities we know about, from a library that doesn't have that many hands or eyes on it to begin with.
11 hours ago
The issue in question is just one of the several long-unfixed vulnerabilities we know about, from a library that doesn't have that many hands or eyes on it to begin with.
And why doesn’t Google contribute to fixing and maintaining code they use?
Because they don't want to use the code. They begrudgingly use it to support XSLT and now they don't use it.
Maintaining web standards without breaking backwards compatibility is literally what they signed up for when they decided to make a browser. If they didn't want to do that job, they shouldn't have made one.
7 replies →
Because in this case it doesn't contribute to their ability to deliver ads.
If that was case they would switch to (rust XPath/XSLT) Xee.