Solved

HTML5 Vulnerabilities

Posted on 2010-09-17
4
754 Views
Last Modified: 2013-11-19
With HTML5 being such an innovation in the dynamic internet, what is to prevent it from opening such a larger attack surface for users?

I would assume that since so many dynamic elements are implemented in HTML5 to replace things such as flash, wouldn't more people be more vulnerable?
0
Comment
Question by:twcadmin
4 Comments
 
LVL 5

Accepted Solution

by:
bupper earned 225 total points
ID: 33703127
It is up to the individual browser to protect the user from attacks. Some browsers are more secure than others -- for example, Mozilla Firefox has a good track record.

In general though, HTML5 would indeed open a larger surface for attacks, and the browsers are hopefully taking note and taking appropriate measures. Here is a good article on this:
http://www.pcworld.com/businesscenter/article/203794/html5_raises_new_security_issues.html
0
 
LVL 61

Assisted Solution

by:btan
btan earned 200 total points
ID: 33707568
Client-side storage - Earlier versions of HTML only allow sites to store cookies as local information, and these are relatively small and only useful for storing simple profile information or identifiers for data stored elsewhere, such as a session ID. HTML5 LocalStorage, however, allows much greater amounts of data to be stored locally by the browser, permitting new types of applications.

I always see it as Security (assurance needs) Vs Convenience (operational needs)

Cross-domain communication - While other versions of HTML would only allow JavaScript to make XML HTTP request calls back to the original server, HTML5 has relaxed this restriction so that XML HTTP requests can be made to any server that allows them.

Iframe security - support a sandbox attribute for iframes but this design, like much of HTML, has a pretty high chance of being misunderstood by developers and may easily be disabled for the sake of convenience.

Pls also see this link for more of it
http://www.networkworld.com/news/2010/082010-html5-raises-new-security.html
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 75 total points
ID: 33710671
0
 
LVL 5

Author Closing Comment

by:twcadmin
ID: 33825359
Thanks for the thoughts and resources.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now