Simon Willison 11/5/2025

Removing XSLT for a more secure browser

Read Original

Chrome has officially announced plans to deprecate and remove XSLT support by version 155 in November 2026, citing significant security risks. Firefox and WebKit are also following suit. The primary reason is that the underlying C/C++ libraries (like libxslt) are complex, aging, and susceptible to memory safety vulnerabilities, posing an unnecessary threat to browser security.

0 comments
#deprecation #memory safety #Xslt
Removing XSLT for a more secure browser

Comments

No comments yet

Be the first to share your thoughts!

Browser Extension

Get instant access to AllDevBlogs from your browser

Top of the Week

1
React vs Browser APIs (Mental Model)
Jivbcoop 4 votes
2
React, useEffect, and Stale Closures: How to Avoid Them with Dependencies and useRef
Jivbcoop 3 votes
3
Better react-hook-form Smart Form Components
Maarten Hus 2 votes
4
Building Type-Safe Compound Components
TkDodo Dominik Dorfmeister 2 votes
5
Dew Drop – January 15, 2026 (#4583)
Alvin Ashcraft 1 votes
6
Using Browser Apis In React Practical Guide
Jivbcoop 1 votes
7
Building a Complete FIRE Calculator App with GitHub Copilot in One Chat Session
James Montemagno 1 votes