This is why I’m more sympathetic to browser developers being slow to adopt new formats. WebP is a marginal advantage over JPEG (mostly transparency) which hasn’t seen much success but now that’s translated into multiple high-priority security holes and we’re all going to be spending the next month deploying patches everywhere which links against libwebp.

That doesn’t mean we shouldn’t do new things but I think as developers we’re prone to underestimate the cost pretty heavily.

It would be cool if an app could use an user-provided “codecs” for all sort of common (media) things. That way I can determine an acceptable risk myself customized for my circumstances.

Maybe I’ll use an open, safe but feature incomplete webp implementation because I don’t care if three pixes are missing or the colors are not quite correct. Maybe I’ll provide a NULL renderer because I just don’t care.

I know this sounds stupid, but a man can wonder.

There is also WebCodecs API: https://developer.mozilla.org/en-US/docs/Web/API/WebCodecs_A...