[pcwalton]

This is something I've noticed a lot when developing Servo. The vast majority of the time, when a site is broken in Servo, it's due to some CSS 2.1 bug or another (CSS2 has existed since 1998), or a broken DOM API that's been in the platform for years and years. Attention is disproportionately focused on the new stuff when the reality is that old standards still rule.

I wouldn't necessarily agree that the conclusion is to just rip stuff out of the Web platform, though (although there is plenty of stuff I'd love to drop). Rather, we need to implement the features in a secure way. This isn't rocket science. Notice, as usual, that the majority of these security issues are straightforward memory safety issues† in C++: e.g. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg

† Food for thought for those claiming that "modern C++" solves these problems.