Primary eng email
Summary
XSLT is a declarative language for transforming XML. Transforming XML into HTML is a typical use on the web. XSLT 1.0 is implemented in Blink, although it’s incomplete. (xsl:include does not work, for example.) Our implementation has been described by users as “far too slow in practice” and “the worst of them all”.
Unfortunately the situation looks unlikely to improve. Adam Barth proposed removing XSLT from Blink two years ago, but we instead investigated alternatives to removing it. We found those alternatives infeasible. We reduced the complexity of the integration in Source/core, but we couldn’t justify larger improvements given the Blink project’s priorities.
Meanwhile, the world has moved on. XSLT 2.0 became a W3C Recommendation in 2007 and XSLT 3.0 reached Last Call in 2014, while relative usage of XSLT 1.0 in Blink has halved since Adam’s 2013 Intent to Deprecate and Remove: XSLT message.
Motivation
I want to remove XSLT to make the binary smaller (up to about 0.5 MB smaller, depending on the platform), make the attack surface smaller, eliminate the maintenance burden of updating the library (which we did rarely in practice), and give us more flexibility in how Blink handles XML.
Compatibility Risk
The specific change I am proposing is (1.) to stop handling <?xml-stylesheet …?> processing instructions in XML documents, and (2.) to remove the XSLTTransform object. These are supported by most browsers so this change reduces compatibility.
I am not proposing any larger changes to XML or XPath.
Alternative implementation suggestion for web developers
Web developers can use a library which implements XSLT. There are client-side libraries and server-side libraries which implement XSLT.
Usage information from UseCounter [1; 2]
Removing support for XSLT will affect less than 0.01% of page views.
There’s a theory that these particular counters are inaccurate because users who use XSLT are less likely to contribute data. The best thing to do is to proceed carefully. We can discuss separately how to do that.
OWP launch tracking bug
Entry on the feature dashboard
https://www.chromestatus.com/features/4730954895589376
Requesting approval to remove too?
Yes.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Dominic, what timing do you have in mind? Given how negative the feedback was on the original thread, an unusually long deprecation period seems warranted, and it would be good to state a firm date in the deprecation message.
(Mending threads.)w...@rouvenwessling.de wrote:
I think this question was about CSS support in <?xml-stylsheet which I don't think we should be trying to remove with this intent, only xslt support in processing instructions.
http://www.w3.org/Style/styling-XML.en.html
CSS in processing instructions is not a particularly large burden on the engine.
I think this question was about CSS support in <?xml-stylsheet which I don't think we should be trying to remove with this intent, only xslt support in processing instructions.
http://www.w3.org/Style/styling-XML.en.html
CSS in processing instructions is not a particularly large burden on the engine.
On Wed, Jul 29, 2015 at 8:40 PM, Philip Jägenstedt <phi...@opera.com> wrote:Dominic, what timing do you have in mind? Given how negative the feedback was on the original thread, an unusually long deprecation period seems warranted, and it would be good to state a firm date in the deprecation message.I don't have a plan yet. I was thinking of asking people who support Chrome in enterprises about the updating habits of enterprise users. Say that N milestones will reach a reasonable number of them. Then I was thinking we could:1. Let a deprecation message bake for N milestones.2. Turn off XSLT by default, but with the option to re-enable it with a flag for an additional milestone (or two, or N.)3. Remove XSLT entirely.
An alternative would be to advertise that we will remove XSLT as soon as use dips below a certain level (say, half the current level.) This encourages users to report use counters, and it encourages authors who can move to start heading for the exits.
On Thu, Jul 30, 2015 at 1:54 AM, Dominic Cooney <domi...@chromium.org> wrote:On Wed, Jul 29, 2015 at 8:40 PM, Philip Jägenstedt <phi...@opera.com> wrote:Dominic, what timing do you have in mind? Given how negative the feedback was on the original thread, an unusually long deprecation period seems warranted, and it would be good to state a firm date in the deprecation message.I don't have a plan yet. I was thinking of asking people who support Chrome in enterprises about the updating habits of enterprise users. Say that N milestones will reach a reasonable number of them. Then I was thinking we could:1. Let a deprecation message bake for N milestones.2. Turn off XSLT by default, but with the option to re-enable it with a flag for an additional milestone (or two, or N.)3. Remove XSLT entirely.Concretely, does that mean that the deprecation message would say something like "XSLT is deprecated. It will be disabled by default in M46+N and removed in M46+2N"?
I think a reasonable range for N is between 2 (remove in 6 months) and 4 (remove in 12 months), but it'd be great to know what the Chrome enterprise teams thinks.
An alternative would be to advertise that we will remove XSLT as soon as use dips below a certain level (say, half the current level.) This encourages users to report use counters, and it encourages authors who can move to start heading for the exits.I'm somewhat skeptical of this, when usage is this low the deprecation messages are very unlikely to be seen and acted upon, so usage may not drop to half the current level in any reasonable time. In the worst case, some will vote against the removal by deliberately hitting the use counter with new XSLTProcessor()...
Since nobody has mentioned it yet: the showModalDialog removal seems like a very good and successful model to follow. IIRC the key ingredients were deprecation, then hiding it behind a group-policy flag, then eventual removal. Maybe someone can dig up the design docs for that process.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Since nobody has mentioned it yet: the showModalDialog removal seems like a very good and successful model to follow. IIRC the key ingredients were deprecation, then hiding it behind a group-policy flag, then eventual removal. Maybe someone can dig up the design docs for that process.
From: atwi...@google.com [mailto:atwi...@google.com] On Behalf Of Drew Wilson
Sent: Friday, July 31, 2015 10:06
To: TAMURA, Kent <tk...@chromium.org>; Saswat Panigrahi <sas...@google.com>
Cc: Dominic Cooney <domi...@chromium.org>; blink-dev <blin...@chromium.org>
Subject: Re: [blink-dev] Intent to Deprecate and Remove: XSLT (Again)
+saswat
Typically, we provide 6+ months notice before removing stuff from the web platform. Ideally, we'd give 6+ months notice with some UI affordance in the browser for people using these pages, then deprecate it (remove support by default, but allow it to be re-enabled behind a runtime flag + policy for some further amount of time), then remove the code entirely when we feel comfortable that usage has truly fallen low enough.
-atw
On Fri, Jul 31, 2015 at 8:31 AM, TAMURA, Kent <tk...@chromium.org> wrote:
I don't think we can remove XSLT in a few years.
Google Chrome 44 has a serious regression of XSLT, and the bug got 37 stars in a short period. It represents there are a lot of XSLT users.
XSLT is a large feature. Applications using XSLT need to change their system architecture. They can't stop using XSLT easily.
If we'd like to reduce the binary code size, we should consider dynamic loading of libxml.
Thanks Drew, Domenic and Kent for those points. Some replies inline.On Sat, Aug 1, 2015 at 4:59 AM, Domenic Denicola <d...@domenic.me> wrote:Since nobody has mentioned it yet: the showModalDialog removal seems like a very good and successful model to follow. IIRC the key ingredients were deprecation, then hiding it behind a group-policy flag, then eventual removal. Maybe someone can dig up the design docs for that process.
From: atwi...@google.com [mailto:atwi...@google.com] On Behalf Of Drew Wilson
Sent: Friday, July 31, 2015 10:06
To: TAMURA, Kent <tk...@chromium.org>; Saswat Panigrahi <sas...@google.com>
Cc: Dominic Cooney <domi...@chromium.org>; blink-dev <blin...@chromium.org>
Subject: Re: [blink-dev] Intent to Deprecate and Remove: XSLT (Again)
+saswat
Typically, we provide 6+ months notice before removing stuff from the web platform. Ideally, we'd give 6+ months notice with some UI affordance in the browser for people using these pages, then deprecate it (remove support by default, but allow it to be re-enabled behind a runtime flag + policy for some further amount of time), then remove the code entirely when we feel comfortable that usage has truly fallen low enough.
-atw
On Fri, Jul 31, 2015 at 8:31 AM, TAMURA, Kent <tk...@chromium.org> wrote:
I don't think we can remove XSLT in a few years.
Google Chrome 44 has a serious regression of XSLT, and the bug got 37 stars in a short period. It represents there are a lot of XSLT users.
I can't evaluate what 37 or 45 stars over some period might mean. I see bugs about Fedora/Suse-specific font rendering regressions with 37 stars that we weren't in a rush to fix, and multiple bugs about backspace going "back" with hundreds of stars that we WontFixed. There does not seem to be an obvious way to mine the rate of star accrual.Use counter data is different. Through trial and error the project has compared different levels and has intuition about what level of use is tolerable to remove. Even if XSLT is used heavily in enterprises, given we would consider removing things used three times as much, there is a margin of safety in removing this feature that is used in <0.01% of page loads.At what level of use would you think its appropriate to remove XSLT?
XSLT is a large feature. Applications using XSLT need to change their system architecture. They can't stop using XSLT easily.
If we'd like to reduce the binary code size, we should consider dynamic loading of libxml.
Reducing the binary size is just one benefit of removing XSLT.
On Mon, Aug 3, 2015 at 12:42 PM, TAMURA, Kent <tk...@chromium.org> wrote:On Mon, Aug 3, 2015 at 11:07 AM, Dominic Cooney <domi...@chromium.org> wrote:Thanks Drew, Domenic and Kent for those points. Some replies inline.On Sat, Aug 1, 2015 at 4:59 AM, Domenic Denicola <d...@domenic.me> wrote:Since nobody has mentioned it yet: the showModalDialog removal seems like a very good and successful model to follow. IIRC the key ingredients were deprecation, then hiding it behind a group-policy flag, then eventual removal. Maybe someone can dig up the design docs for that process.
From: atwi...@google.com [mailto:atwi...@google.com] On Behalf Of Drew Wilson
Sent: Friday, July 31, 2015 10:06
To: TAMURA, Kent <tk...@chromium.org>; Saswat Panigrahi <sas...@google.com>
Cc: Dominic Cooney <domi...@chromium.org>; blink-dev <blin...@chromium.org>
Subject: Re: [blink-dev] Intent to Deprecate and Remove: XSLT (Again)
+saswat
Typically, we provide 6+ months notice before removing stuff from the web platform. Ideally, we'd give 6+ months notice with some UI affordance in the browser for people using these pages, then deprecate it (remove support by default, but allow it to be re-enabled behind a runtime flag + policy for some further amount of time), then remove the code entirely when we feel comfortable that usage has truly fallen low enough.
-atw
On Fri, Jul 31, 2015 at 8:31 AM, TAMURA, Kent <tk...@chromium.org> wrote:
I don't think we can remove XSLT in a few years.
Google Chrome 44 has a serious regression of XSLT, and the bug got 37 stars in a short period. It represents there are a lot of XSLT users.
I can't evaluate what 37 or 45 stars over some period might mean. I see bugs about Fedora/Suse-specific font rendering regressions with 37 stars that we weren't in a rush to fix, and multiple bugs about backspace going "back" with hundreds of stars that we WontFixed. There does not seem to be an obvious way to mine the rate of star accrual.Use counter data is different. Through trial and error the project has compared different levels and has intuition about what level of use is tolerable to remove. Even if XSLT is used heavily in enterprises, given we would consider removing things used three times as much, there is a margin of safety in removing this feature that is used in <0.01% of page loads.At what level of use would you think its appropriate to remove XSLT?I don't have a concrete idea, but the use counter should be much smaller than the current value. Attr.ownerElement was 0.0055%, but we failed to remove it.Please refer to "Lessons from the first year of deprecations and removals" section in http://www.chromium.org/blink#TOC-Launch-Process:-Deprecation .
I think the XSLT removal has much more cost than the removal cost of the Attr-related API which we failed to remove.
XSLT is a large feature. Applications using XSLT need to change their system architecture. They can't stop using XSLT easily.
If we'd like to reduce the binary code size, we should consider dynamic loading of libxml.
Reducing the binary size is just one benefit of removing XSLT.Are there other user-benefit?As for attack surface, I think it doesn't matter. libxml is actively maintained, and we also can fix security issues ourselves.
On Mon, Aug 3, 2015 at 11:07 AM, Dominic Cooney <domi...@chromium.org> wrote:Thanks Drew, Domenic and Kent for those points. Some replies inline.On Sat, Aug 1, 2015 at 4:59 AM, Domenic Denicola <d...@domenic.me> wrote:Since nobody has mentioned it yet: the showModalDialog removal seems like a very good and successful model to follow. IIRC the key ingredients were deprecation, then hiding it behind a group-policy flag, then eventual removal. Maybe someone can dig up the design docs for that process.
From: atwi...@google.com [mailto:atwi...@google.com] On Behalf Of Drew Wilson
Sent: Friday, July 31, 2015 10:06
To: TAMURA, Kent <tk...@chromium.org>; Saswat Panigrahi <sas...@google.com>
Cc: Dominic Cooney <domi...@chromium.org>; blink-dev <blin...@chromium.org>
Subject: Re: [blink-dev] Intent to Deprecate and Remove: XSLT (Again)
+saswat
Typically, we provide 6+ months notice before removing stuff from the web platform. Ideally, we'd give 6+ months notice with some UI affordance in the browser for people using these pages, then deprecate it (remove support by default, but allow it to be re-enabled behind a runtime flag + policy for some further amount of time), then remove the code entirely when we feel comfortable that usage has truly fallen low enough.
-atw
On Fri, Jul 31, 2015 at 8:31 AM, TAMURA, Kent <tk...@chromium.org> wrote:
I don't think we can remove XSLT in a few years.
Google Chrome 44 has a serious regression of XSLT, and the bug got 37 stars in a short period. It represents there are a lot of XSLT users.
I can't evaluate what 37 or 45 stars over some period might mean. I see bugs about Fedora/Suse-specific font rendering regressions with 37 stars that we weren't in a rush to fix, and multiple bugs about backspace going "back" with hundreds of stars that we WontFixed. There does not seem to be an obvious way to mine the rate of star accrual.Use counter data is different. Through trial and error the project has compared different levels and has intuition about what level of use is tolerable to remove. Even if XSLT is used heavily in enterprises, given we would consider removing things used three times as much, there is a margin of safety in removing this feature that is used in <0.01% of page loads.At what level of use would you think its appropriate to remove XSLT?I don't have a concrete idea, but the use counter should be much smaller than the current value. Attr.ownerElement was 0.0055%, but we failed to remove it.Please refer to "Lessons from the first year of deprecations and removals" section in http://www.chromium.org/blink#TOC-Launch-Process:-Deprecation .I think the XSLT removal has much more cost than the removal cost of the Attr-related API which we failed to remove.
The API owners met to discuss this issue. We agree that we'd love to eliminate XSLT from blink eventually - it's a proven source of security and other issues that we believe is adding relatively little to the web platform compared to the alternative of XSLT processing on the server or in JS. It's not chromium's goal to retain all functionality used by extremely small (if vocal) subset of users. Users who prefer a more conservative approach to web platform evolution have the choice of other browsers.However, our experience with other high-risk/high-value removals (showModalDialog and NPAPI) has shown us that it's really important to be thoughtful and careful in doing such removals in a way that minimizes the user and developer pain. So in order to approve removing XSLT we'd need to see a well thought out plan that mitigates the damage, with an owner signed up to drive the execution long-term. We suspect a successful plan would include at least the following:
- A case study of one real-world application converting from browser-XSLT to a Javascript-based library.
- Are the libraries really good enough in practice?
- How much work does this end up being?
- What advice do we have developers for making this as painless as possible?
- A fairly long deprecation timeframe (perhaps 1-2 years)
- A plan to reach out to enterprise customers and help them manage the transition
- Eg. do we need a way for admins to force disable XSLT in advance of removal for testing purposes, and then a way to force re-enable it for a few milestones after removal (similar to NPAPI)?
- Should we present any sort of warning to users to help them understand why a site is broken due to lack of XSLT and what they can do about it?
- Some compat data / identification of specific known applications and an outreach plan
- Eg. IE didn't have XSLT but Edge does. Why? Can they share a list of specific compelling applications? cc Jacob Rossi in case he has any insight to share
We recognize this is a substantial undertaking but feel there isn't any easy way out here. If we can't justify putting in this much effort, then instead we must either live with ongoing maintenance burden, or re-start efforts to make maintenance easier. It's very tempting to take shortcuts to save ourselves effort, but this just shifts (and magnifies) costs onto our users and so is not the right choice for the ecosystem at large. If we're going to knowingly inflict non-trivial compat pain on users then we must be willing to do everything possible ourselves to minimize that.Dominic, what do you think? Does this seem like a reasonable position to you? Are you (or anyone else) interested in signing up to own a larger project like this?Thanks,Rick
☆PhistucK
On Fri, Aug 7, 2015 at 6:29 AM, Rick Byers <rby...@chromium.org> wrote:The API owners met to discuss this issue. We agree that we'd love to eliminate XSLT from blink eventually - it's a proven source of security and other issues that we believe is adding relatively little to the web platform compared to the alternative of XSLT processing on the server or in JS. It's not chromium's goal to retain all functionality used by extremely small (if vocal) subset of users. Users who prefer a more conservative approach to web platform evolution have the choice of other browsers.However, our experience with other high-risk/high-value removals (showModalDialog and NPAPI) has shown us that it's really important to be thoughtful and careful in doing such removals in a way that minimizes the user and developer pain. So in order to approve removing XSLT we'd need to see a well thought out plan that mitigates the damage, with an owner signed up to drive the execution long-term. We suspect a successful plan would include at least the following:
- A case study of one real-world application converting from browser-XSLT to a Javascript-based library.
- Are the libraries really good enough in practice?
- How much work does this end up being?
- What advice do we have developers for making this as painless as possible?
- A fairly long deprecation timeframe (perhaps 1-2 years)
- A plan to reach out to enterprise customers and help them manage the transition
- Eg. do we need a way for admins to force disable XSLT in advance of removal for testing purposes, and then a way to force re-enable it for a few milestones after removal (similar to NPAPI)?
- Should we present any sort of warning to users to help them understand why a site is broken due to lack of XSLT and what they can do about it?
- Some compat data / identification of specific known applications and an outreach plan
- Eg. IE didn't have XSLT but Edge does. Why? Can they share a list of specific compelling applications? cc Jacob Rossi in case he has any insight to share
We recognize this is a substantial undertaking but feel there isn't any easy way out here. If we can't justify putting in this much effort, then instead we must either live with ongoing maintenance burden, or re-start efforts to make maintenance easier. It's very tempting to take shortcuts to save ourselves effort, but this just shifts (and magnifies) costs onto our users and so is not the right choice for the ecosystem at large. If we're going to knowingly inflict non-trivial compat pain on users then we must be willing to do everything possible ourselves to minimize that.Dominic, what do you think? Does this seem like a reasonable position to you? Are you (or anyone else) interested in signing up to own a larger project like this?Thanks,RickXML and by extension XSLT is most closely related to DOM, so I think the HTML&DOM team should do this--hence my interest in removing XSLT. I will prepare a document to address the points raised in your email, and resubmit it for the leads' consideration.