L. David Baron @dbaron@w3c.social · Dec 15, 2018 · 1:04 AM UTC

L. David Baron @dbaron@w3c.social · Dec 15, 2018 · 1:04 AM UTC

L. David Baron @dbaron@w3c.social

L. David Baron @dbaron@w3c.social @davidbaron

15 Dec 2018

At least it sounds like this vulnerability has an easily-deployable fix. One of the reasons Mozilla folks have opposed standardizing particular libraries as part of the Web platform is the risk that a security vulnerability might not be fixable without breaking compatibility.

This tweet is unavailable

Dec 15, 2018 · 1:04 AM UTC

L. David Baron @dbaron@w3c.social · Dec 15, 2018 · 1:04 AM UTC

L. David Baron @dbaron@w3c.social @davidbaron

15 Dec 2018

Some history of comments on Web SQL: lists.w3.org/Archives/Public… lists.w3.org/Archives/Public… lists.w3.org/Archives/Public… lists.w3.org/Archives/Public…

L. David Baron @dbaron@w3c.social · Dec 15, 2018 · 1:10 AM UTC

L. David Baron @dbaron@w3c.social @davidbaron

15 Dec 2018

Unfortunately, the browser engine that had the strongest position on not standardizing on libraries was EdgeHTML, and with its demise, I think the Web is stuck with only one implementation of some key pieces (e.g. ECMAScript Internationalization API, parts of the WebRTC stack).

Marc Espie · Dec 15, 2018 · 12:59 PM UTC

Marc Espie @espie_openbsd

15 Dec 2018

Replying to @davidbaron

That's a fallacious argument. Watch google. they push hard at standardizing protocols, while not giving a second thought to breaking compatibility for security reasons.