October 31, 2025
Unplugging 1999
Intent to Deprecate and Remove: Deprecate and Remove XSLT
Chrome dumps a 1999 web relic — cheers, boos, and a whole lot of popcorn
TLDR: Chrome is retiring XSLT in the name of security and low usage, with temporary opt-outs and a polyfill to soften the blow. Commenters are split between “kill the legacy,” “XSLT is elegant,” and “make browsers minimal,” turning a niche feature’s sunset into a full-on culture clash.
Chromium just said it out loud: XSLT, the old-school XML-to-HTML transformer from 1999, is getting booted from the browser. The reason? Security and dust. The library behind it went quiet for months, it’s classic C code (read: hackable), and almost nobody uses it anymore. Standards folks have given a green light, other browsers are lining up, and Chrome plans to phase it out over several releases, with temporary opt‑outs for sites and companies. There’s even a one‑line drop‑in “polyfill” and an extension so users can keep pages working.
The comments? Absolute theater. The “good riddance” camp popped confetti: shed the dead weight and move on. One user even joked about stuffing yet another thing into the browser (“MCP next?”). On the flip side, the nostalgia squad swore XSLT is elegant and powerful, unfairly eclipsed by today’s JavaScript industrial complex. A third faction went full minimalist manifesto: make browsers tiny, shove everything else into WebAssembly, and cut attack surface to the bone. Meanwhile, tooling drama flared—some argued clunky, pricey ecosystems smothered XSLT’s future. Memes about “unplugging 1999” and XML dads losing custody of their transforms flew. Want the backstory? The saga continues in this HN thread. For now, Chrome’s balancing act: break a few, protect everyone.
Key Points
- •Chromium intends to deprecate and remove client-side XSLT due to security risks and low usage.
- •Deprecation is planned for M143; removal in M155, with Origin Trial and Enterprise Policy support until M164.
- •WHATWG advanced the deprecation to stage 3, and other browser engines also plan to deprecate XSLT.
- •libxslt, used by Chromium for XSLT, was unmaintained for ~6 months in 2025 and poses memory safety risks.
- •Mitigations include a near drop-in polyfill, outreach, origin trials, and enterprise policies, with surveys showing most sites function without XSLT or with the polyfill.