[webkit-dev] Intent to Remove: XSS Auditor

[Brent Fulgham]

Hi Folks,

We have continued to ship the XSS Auditor for a number of years after Blink and other engines have abandoned this approach in favor of modern XSS defenses like CSP.

The XSS Auditor was a great idea in its day, but now poses a maintenance burden that far outweighs the small (perhaps nonexistent) benefit it provides.

We intend to remove the XSS Auditor in the coming weeks to better align with the behavior of other browsers.

Please let me know as soon as possible if you have reasons why this would be a significant issue for your port.

Best regards,

-Brent