At least it sounds like this vulnerability has an easily-deployable fix. One of the reasons Mozilla folks have opposed standardizing particular libraries as part of the Web platform is the risk that a security vulnerability might not be fixable without breaking compatibility.
This tweet is unavailable
2
20
1
35
Some history of comments on Web SQL: lists.w3.org/Archives/Public… lists.w3.org/Archives/Public… lists.w3.org/Archives/Public… lists.w3.org/Archives/Public…
1
2
5
Unfortunately, the browser engine that had the strongest position on not standardizing on libraries was EdgeHTML, and with its demise, I think the Web is stuck with only one implementation of some key pieces (e.g. ECMAScript Internationalization API, parts of the WebRTC stack).

Dec 15, 2018 · 1:10 AM UTC

2
3
1
10
Replying to @davidbaron
With respect to Intl, Edge had already abandoned that position a year earlier and was porting to ICU. This was essential for us to be able to keep making progress, as the Windows I18n API just lacks certain features. For the same reason, they are exposing ICU in Windows.
1
Replying to @davidbaron
philippe normand has been working on using gstreamer for webrtc in WPE at least (and we're doing the same in servo) webaudio is another one, the core processing code is all blink's code. servo is the only other open source impl and we're incomplete and undertested
1
6