| ▲ | Fileformat 20 hours ago |
| One extremely important XSLT use-case is for RSS/Atom feeds. Right now, clicking on a link to feed brings up a wall of XML (or worse, a download link). If the feed has an XSLT stylesheet, it can be presented in a way that a newcomer can understand and use. I realize that not that many feeds are actually doing this, but that's because feed authors are tech-savvy and know what to do with an RSS/Atom link. But someone who hasn't seen/used an RSS reader will see a wall of plain-text gibberish (or a prompt to download the wall of gibberish). XSLT is currently the only way to make feeds into something that can still be viewed. I think RSS/Atom are key technologies for the open web, and discovery is extremely important. Cancelling XSLT is going in the wrong direction (IMHO). I've done a bunch of things to try to get people to use XSLT in their feeds: https://www.rss.style/ You can see it in action on an RSS feed here (served as real XML, not HTML: do view/source): https://www.fileformat.info/news/rss.xml |
|
| ▲ | geocar 17 hours ago | parent | next [-] |
| > One extremely important... Not to downplay what you think is important, but I think it's pretty important that governments and public bodies use XSLT. https://www.congress.gov/117/bills/hr3617/BILLS-117hr3617ih.... https://www.govinfo.gov/content/pkg/BILLS-119hr400ih/xml/BIL... https://www.weather.gov/xml/current_obs/KABE.xml https://www.europarl.europa.eu/politicalparties/index_en.xml https://apps.tga.gov.au/downloads/sequence-description.xml https://cwfis.cfs.nrcan.gc.ca/downloads/fwi_obs/WeatherStati... https://converters.eionet.europa.eu/xmlfile/EPRTR_MethodType... They don't put ads on their sites, so I'm not surprised Google doesn't give a fuck about them... |
| |
| ▲ | cedilla 14 hours ago | parent | next [-] | | Many governments and public bodies used Flash, ActiveX and Java applets, but I'm certainly glad we got rid of those. | | |
| ▲ | al_be_back 13 hours ago | parent [-] | | Replaced them with App stores, why one code base when you can have N code bases: web sites, ios, android , tv … cheaper, privacy-oriented and more secure lol obviously not, doesn’t help the consumer or the developer. Xslt is brilliant at transforming raw data, a tree or table for example, without having to install Office apps or paying a number of providers to simply view it without massive disruption loops. |
| |
| ▲ | jiggawatts 15 hours ago | parent | prev [-] | | > “They don't put ads on their sites, so I'm not surprised…” Similarly, Chrome regularly breaks or outright drops support for web features used only in private enterprise networks. Think NTLM or Kerberos authentication, private CA revocation list checking, that kind of thing. Again, nobody uses Google Ads on internal apps! |
|
|
| ▲ | acabal 20 hours ago | parent | prev | next [-] |
| We do the same with our feeds at Standard Ebooks: https://standardebooks.org/feeds/rss/new-releases The page is XML but styled with XSLT. |
|
| ▲ | yegle 20 hours ago | parent | prev | next [-] |
| FWIW the original post explicitly mentioned this use case and offered two ways to workaround. |
| |
| ▲ | Fileformat 20 hours ago | parent | next [-] | | Gotta love the reference to the <link> header element. There used to be an icon in the browser URL bar when a site had a feed, but they nuked that too. | | |
| ▲ | cosmic_cheese 19 hours ago | parent | next [-] | | > There used to be an icon in the browser URL bar when a site had a feed, but they nuked that too. This is actually a feature of Orion[0], and among the reasons why I believe it to be one of the most (power) user-oriented browsers in active development. It's such a basic thing that there's really no good reason to remove the feature outright (as mainstream browsers have), especially when the cited reason is to "reduce clutter" which has been added back tenfold with garbage like chatbots and shopping assistants. [0]: https://kagi.com/orion/ | |
| ▲ | jeffbee 20 hours ago | parent | prev [-] | | Man, reaching way back in history here, but this reminds me of why I stopped contributing to Mozilla decades ago. My contribution was the link toolbar, that was supposed to give a UI representation of the canonical link elements like next and prev and whatnot. At the last minute before a major release some jerkhole of a product manager at AOL cut my feature from the release. It's incredible the way such pretty bureaucrats have shaped web browsers over the years. | | |
| ▲ | shadowgovt 15 hours ago | parent [-] | | Good user-facing software tends to have a coherent vision, and that involves getting features cut that people put a lot of time and effort into; even though those features have value, it's possible they don't have value in the product under development. I don't really have enough context to say whether that was the case here. Mostly I'm raising the comment to note that this is an issue in commercial software too, but the sting is immediately moderated by "At least you got paid." It's a lot easier to see one's work fail to be reflected in the finished product when you can dry your tears with the bills in your money-pile (and I don't know how open source competes in things as cut-throat and taste-opinionated as UI when that continues to be true without solving the problem by injecting money into the process, which carries its own risks). | | |
| ▲ | throwaway290 9 hours ago | parent [-] | | It's a browser. its job is render HTML if a fix renders HTML better and more complete it should be done. it is always possible to make it configurable or change it later. instead mozilla is pushing anti-web llm integrations. |
|
|
| |
| ▲ | lunar_mycroft 20 hours ago | parent | prev | next [-] | | iIRC, all of the proposed workarounds involved updating the sites using XSLT, which may not always be particularly easy, or even something publishers will realize they need to do. | |
| ▲ | fevangelou 19 hours ago | parent | prev [-] | | Here's a 3rd option :) For RSS/Atom feeds presented as links in a site (for convenience to users), developers can always offer a simple preview for the feed output using: https://feedreader.xyz/ Just URL-encode the feed like so: https://feedreader.xyz/?url=https%3A%2F%2Fwww.theverge.com%2... ...and you get a nice preview that's human readable. |
|
|
| ▲ | chrisweekly 20 hours ago | parent | prev | next [-] |
| Another use case I discovered and implemented many years ago was styling a sitemap.xml for improved UX / aesthetics. |
|
| ▲ | AlecSchueler 18 hours ago | parent | prev | next [-] |
| > not that many feeds are actually doing this Isn't this kind of an argument for dropping it? Yeah it would be great if it was in use but even the people who are clicking and providing RSS feeds don't seem to care that much. |
| |
| ▲ | Fileformat 18 hours ago | parent [-] | | You are probably right, but it is depressing how techies don't see the big picture & don't want to provide an on-ramp to the RSS/Atom world for newcomers. | | |
| ▲ | wryoak 16 hours ago | parent | next [-] | | Google is widely faulted with effectively killing RSS by pulling the plug on Reader (I, for example, haven’t used RSS since), so I don’t think they’re missing the big picture, I think they just prefer a different picture | | |
| ▲ | pjmlp 15 hours ago | parent | next [-] | | I never got the backslash with Reader, having always used native apps to handle RSS. | | |
| ▲ | wryoak 15 hours ago | parent [-] | | Native apps are always better, but having a web page syncing your feeds made it easier to access them, eg from the library or work computer. Not to mention nothing to install (or update) reduces friction. I didn’t have to stop using RSS, but the newly exposed hurdles were enough discouragement that I did stop |
| |
| ▲ | shadowgovt 15 hours ago | parent | prev [-] | | It's probably worth considering that if the technology could be killed by one company pulling its chips off the board, perhaps the technology wasn't standing on its own. We still use RSS and Atom feeds for podcasts. It's a pretty widely-adopted use case. Perhaps there is a lot more to the contraction of RSS as a way for discovering publishing of "blog"-style media than "Reader got killed" (it seems like Reader offered more features than just RSS consolidation that someone could, hypothetically, build... But nobody has yet?). |
| |
| ▲ | its-summertime 4 hours ago | parent | prev [-] | | How does displaying XML using a client-side transform provide a better on-ramp compared to displaying XML using a server-side transform? |
|
|
|
| ▲ | jerf 20 hours ago | parent | prev | next [-] |
| I've been involved in the RSS world since the beginning and I've never clicked on an RSS link and expected it to be rendered in a "nice" way, nor have I seen one. "XSLT is currently the only way to make feeds into something that can still be viewed." You could use content negotiation just fine. I just hit my personal rss.xml file, and the browser sent this as the Accept header: text/html,application/xhtml+xml,application/xml;
q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
except it has no newline, which I added for HN.You can easily ship out an HTML rendering of an RSS file based on this. You can have your server render an XSLT if you must. You can have your server send out some XSLT implemented in JS that will come along at some point. To a first approximation, nobody cares enough to use content negotiation any more than anyone cares about providing XML stylesheets. The tech isn't the problem, the not caring is... and the not caring isn't actually that big a problem either. It's been that way for a long time and we aren't actually all that bothered about it. It's just a "wouldn't it be nice" that comes up on those rare occasions like this when it's the topic of conversation and doesn't cross anyone's mind otherwise. |
| |
| ▲ | cbarrick 18 hours ago | parent | next [-] | | You've been in the RSS world since the beginning and never seen a stylized feed? I've not been in the RSS world very much. I don't use news readers. And even I have seen a stylized RSS in the wild. Our individual experiences are of course anecdotal, I'm just surprised at how different they are given your background. | |
| ▲ | cosmic_cheese 19 hours ago | parent | prev | next [-] | | > nor have I seen one. Once upon a time, nice in-browser rendering of RSS/Atom feeds complete with search and sorting was a headliner feature of Safari. https://www.askdavetaylor.com/how_do_i_subscribe_to_rss_feed... | |
| ▲ | bawolff 18 hours ago | parent | prev | next [-] | | I think it used to be more popular in early days. At one point i think firefox was styling rss feeds by default so people stopped using xslt as much. You can still style them with css if you want. I dont really see the point. RSS is for machines to read not humans. | |
| ▲ | Groxx 16 hours ago | parent | prev | next [-] | | there's a fairly good chance that you simply haven't noticed, because it was working as intended, e.g. https://standardebooks.org/feeds/rss/new-releases from: https://news.ycombinator.com/item?id=45824952 | |
| ▲ | Fileformat 18 hours ago | parent | prev | next [-] | | Another point: it is shocking how many feeds have errors in them. I analyzed the feeds of some of the top contributors on HN, and almost all had something wrong with them. Even RSS wizards would benefit from looking at a human-readable version instead of raw XML. I ended up writing a feed analyzer that you can try on your feed: https://www.rss.style/feed-analyzer.html | | |
| ▲ | chrismorgan 20 minutes ago | parent [-] | | > I analyzed the feeds of some of the top contributors on HN, and almost all had something wrong with them. I’m sceptical about your analysis, because your tool makes spurious complaints about my feed <https://chrismorgan.info/feed.xml> which show that it’s not parsing XML correctly. For stupid reasons¹ that I decided not to fix or work around, slashes are mostly encoded as /, which is perfectly valid, but your tool fails to decode the entities inside attribute values. I don’t know what dodgy parser you’re using, it’s possible this is the only thing it gets wrong about parsing XML, but it doesn’t instil confidence. I would expect a strict XML parser to be more reliable. I’ve literally only once encountered a feed that was invalid XML². Liberal parsing is not a virtue, it’s fragile in a different way. Postel was wrong. —⁂— ¹ I wish OWASP’s XSS protection cheat sheet had never been written. I will say no more. ² WordPress thinks it’s okay to encode U+0003 as  in an XML 1.0 document. |
| |
| ▲ | Fileformat 18 hours ago | parent | prev | next [-] | | That's my point: you know all about RSS & feeds and don't need it. But what about someone who hasn't been using them since the beginning? I think every page with an RSS feed should have a link to the feed in the html body. And it should be friendly to people who are not RSS wizards. | |
| ▲ | AlecSchueler 18 hours ago | parent | prev | next [-] | | > I've been involved in the RSS world since the beginning and I've never clicked on an RSS link and expected it to be rendered in a "nice" way, nor have I seen one. Maybe it's more for people who have no idea what RSS is and click on the intriguing icon. If they weren't greeted with a load of what seems like nonsense for nerds there could have been broader adoption of RSS. | | |
| ▲ | klez 18 hours ago | parent [-] | | > If they weren't greeted with a load of what seems like nonsense for nerds there could have been broader adoption of RSS. Why? Wouldn't just see a different view of the same website that had that intriguing icon and go "ok, so what?" If they don't know what an RSS feed is, seeing a stylized version isn't really going to help them understand, imho. | | |
| |
| ▲ | doctorpangloss 19 hours ago | parent | prev | next [-] | | The phrase you are looking for to describe this discourse is “concern trolling.” | |
| ▲ | zamalek 20 hours ago | parent | prev [-] | | > I've been involved in the RSS world since the beginning and I've never clicked on an RSS link and expected it to be rendered in a "nice" way, nor have I seen one. So that excludes you from the "someone who hasn't seen/used a RSS reader" demographic mentioned in the comment you are replying to. |
|
|
| ▲ | thesuitonym 16 hours ago | parent | prev | next [-] |
| I never realized styling RSS feeds was an options. Now looking at some of the examples, I wonder how many times I've clicked on "Feed", then rolled my eyes and closed it because I thought it wasn't RSS. More than zero, I'm sure. |
|
| ▲ | behringer 15 hours ago | parent | prev | next [-] |
| It's the right direction if you're google. This is why Google should not be allowed to control the web. Support firefox, dump google. |
|
| ▲ | chuckadams 20 hours ago | parent | prev [-] |
| > Cancelling XSLT is going in the wrong direction (IMHO). XSLT isn't going anywhere: hardwiring into the browser an implementation that's known to be insecure and is basically unmaintained is what's going away. The people doing the wailing/rending/gnashing about the removal of libxslt needed to step up to fix and maintain it. It seems like something an extension ought to be capable of, and if not, fix the extension API so it can. In firefox I think it would be a full-blown plugin, which is a lower-level thing than an extension, but I don't know whether Chromium even has a concept of such a thing. |
| |
| ▲ | dragonwriter 19 hours ago | parent | next [-] | | > XSLT isn't going anywhere: hardwiring into the browser an implementation that's known to be insecure and is basically unmaintained is what's going away. Not having it available from the browser really reduces the ability to use it in many cases, and lots of the nonbrowser XSLT ecosystem relies on the same insecure, unmaintained implementation. There is at least one major alternative (Saxon), and if browser support was switching backing implementation rather than just ending support, “XSLT isn’t going anywhere” would be a more natural conclusion, but that’s not, for whatever reason, the case. | | |
| ▲ | tptacek 19 hours ago | parent [-] | | Your argument here includes that browsers should retain native XSLT implementations because non-browsers have bad XSLT implementations? | | |
| ▲ | dragonwriter 18 hours ago | parent | next [-] | | I don’t see anything that looks remotely like a normative argument about what browsers should or should not do anywhere in my post that you are responding to, did you perhaps mean to respond to some other post? My point was that the decision to remove XSLT support from browsers rather than replacing the insecure, unmaintained implementation with a secure, maintained implementation is an indicator opposed to the claim "XSLT isn’t going anywhere”. I am not arguing anything at all about what browser vendors should do. | | |
| ▲ | tptacek 18 hours ago | parent [-] | | Is the idea that if they did so, the insecure non-browser XSLT-users could adopt their implementation? | | |
| ▲ | dragonwriter 17 hours ago | parent [-] | | The idea is that if they did so, the people using software running in the browser could continue to use XSLT with just the browser platform because the functionality would still be there with a different backend implementation, but instead that in-browser XSLT functionality is going somewhere, specifically, away. | | |
| ▲ | tptacek 17 hours ago | parent [-] | | Right but either way, the vulnerability exists today, and you're saying that whether or not the browser platform supports the functionality that harbors the vulnerabilities, the browser platform should be responsible for resolving those vulnerabilities. That's how I read it. | | |
| ▲ | dragonwriter 17 hours ago | parent [-] | | > and you're saying that whether or not the browser platform supports the functionality that harbors the vulnerabilities, the browser platform should be responsible for resolving those vulnerabilities. No, I'm not (and I keep saying this explicitly) saying that browsers should or should not do anything, or be responsible for anything. I’m not making a normative argument, at all. I am stating, descriptively, that browser vendors choosing to remove XSLT functionality rather than repairing it by using an alternative implementation is very directly contrary to the claim made upthread that “XSLT isn’t going anywhere”. It is being removed from the the most popular application platform in existence, with developers being required to bring their own implementation for what was previously functionality supported by the platform. I am not saying that this is good or bad or that anyone should or should not do anything differently or making any argument about where responsibility for anything related to this lies. |
|
|
|
| |
| ▲ | AlecSchueler 18 hours ago | parent | prev [-] | | What do you find questionable about this being included as part of the broader argument? | | |
| ▲ | tptacek 18 hours ago | parent [-] | | I just don't understand it. I don't understand it well enough to call out what's questionable about it. |
|
|
| |
| ▲ | Kwpolska 19 hours ago | parent | prev | next [-] | | Or perhaps the multi-billion-dollar corporations could stop piggy-backing on volunteers and invest in maintaining the Web platform? | | |
| ▲ | mpyne 14 hours ago | parent | next [-] | | They did, the issue is that the improved Web platform they invested so much to build and maintain has no use for XSLT, which is obsolete in the modern world of good JavaScript, JSON and modern Fetch APIs. | |
| ▲ | robocat 17 hours ago | parent | prev [-] | | Which popular browsers are significantly leaning on individual contributors or volunteers? | | |
| ▲ | Kwpolska 17 hours ago | parent | next [-] | | Google decided to drop XSLT, because the volunteer-maintained libxslt had no maintainers for some time. So, instead of helping the project, they just decided to remove a feature. | | |
| ▲ | aleph_minus_one 12 hours ago | parent [-] | | But by (attempting to) remove this dependency, Google indeed decided to stop piggy-backing on another volunteer - as requested. Be careful what you wish for. :-) |
| |
| ▲ | josefx 16 hours ago | parent | prev | next [-] | | Were you born before or after heartbleed uncovered the sorry state of OpenSSL and the complete absence of funding it was maintained under? So to answer your question: Every single one of them, from Google with its billions, to Mozilla with Googles billions, none of them would spend even a cent on critical open source projects they relied on as long as they could get away with it. | |
| ▲ | mhitza 17 hours ago | parent | prev [-] | | Almost all of them? as I recall there was a single volunteer developer maintaining the xml/xslt libraries they were using. Wasn't it similar with openssl 13+ years ago? Few volunteer maintainers, and only after a couple of major vulnerabilities money got thrown at that project? I'm sure there's more and that's why the famous xkcd comic is always of relevance. |
|
| |
| ▲ | Fileformat 18 hours ago | parent | prev | next [-] | | So... you want newbies to install an extension/plugin before they get a human-readable view of a feed??? That's about as new-user-hostile as I can imagine. | | |
| ▲ | MrJohz 17 hours ago | parent [-] | | There are plenty of ways around this. As others have pointed out, there are other options for styling XML that work well enough in practice. You can also do content negotiation on the server, so that a browser requesting an html document will get the human-readable version, while any feed reader will be sent the XML version. (If you render the html page with XSLT, you can even take advantage of better XSLT implementations where you don't need to work around bugs and cross-platform jank.) Or you can rely on `link` tags, letting users submit your homepage to their feed reader, and having the feed reader figure out where everything is. There might even be a mime code for RSS feeds, such that if you open an RSS feed in your browser, it automatically figures out the correct application (i.e. your preferred RSS reader) to open that feed in. But I've not seen that actually implemented anywhere, which is a shame, because that seems like by far the best option for user experience. |
| |
| ▲ | imiric 17 hours ago | parent | prev [-] | | > XSLT isn't going anywhere XSLT as a feature is being removed from web browsers, which is pretty significant. Sure it can still be used in standalone tools and libraries, but having it in web browsers enabled a lot of functionality people have been relying on since the dawn of the web. > hardwiring into the browser an implementation that's known to be insecure and is basically unmaintained is what's going away So why not switch to a better maintained and more secure implementation? Firefox uses TransforMiix, which I haven't seen mentioned in any of Google's posts on the topic. I can't comment on whether it's an improvement, but it's certainly an option. > The people doing the wailing/rending/gnashing about the removal of libxslt needed to step up to fix and maintain it. Really? How about a trillion dollar corporation steps up to sponsor the lone maintainer who has been doing a thankless job for decades? Or directly takes over maintenance? They certainly have enough resources to maintain a core web library and fix all the security issues if they wanted to. The fact they're deciding to remove the feature instead is a sign that they simply don't. And I don't buy the excuse that XSLT is a niche feature. Their HTML bastardization AMP probably has even less users, and they're happily maintaining that abomination. > It seems like something an extension ought to be capable of I seriously doubt an extension implemented with the restricted MV3 API could do everything XSLT was used for. > and if not, fix the extension API so it can. Who? Try proposing a new extension API to a platform controlled by mega-corporations, and see how that goes. |
|
