Solved

HTML5 Vulnerabilities

Posted on 2010-09-17
4
772 Views
Last Modified: 2013-11-19
With HTML5 being such an innovation in the dynamic internet, what is to prevent it from opening such a larger attack surface for users?

I would assume that since so many dynamic elements are implemented in HTML5 to replace things such as flash, wouldn't more people be more vulnerable?
0
Comment
Question by:twcadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Accepted Solution

by:
bupper earned 225 total points
ID: 33703127
It is up to the individual browser to protect the user from attacks. Some browsers are more secure than others -- for example, Mozilla Firefox has a good track record.

In general though, HTML5 would indeed open a larger surface for attacks, and the browsers are hopefully taking note and taking appropriate measures. Here is a good article on this:
http://www.pcworld.com/businesscenter/article/203794/html5_raises_new_security_issues.html
0
 
LVL 64

Assisted Solution

by:btan
btan earned 200 total points
ID: 33707568
Client-side storage - Earlier versions of HTML only allow sites to store cookies as local information, and these are relatively small and only useful for storing simple profile information or identifiers for data stored elsewhere, such as a session ID. HTML5 LocalStorage, however, allows much greater amounts of data to be stored locally by the browser, permitting new types of applications.

I always see it as Security (assurance needs) Vs Convenience (operational needs)

Cross-domain communication - While other versions of HTML would only allow JavaScript to make XML HTTP request calls back to the original server, HTML5 has relaxed this restriction so that XML HTTP requests can be made to any server that allows them.

Iframe security - support a sandbox attribute for iframes but this design, like much of HTML, has a pretty high chance of being misunderstood by developers and may easily be disabled for the sake of convenience.

Pls also see this link for more of it
http://www.networkworld.com/news/2010/082010-html5-raises-new-security.html
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 75 total points
ID: 33710671
0
 
LVL 5

Author Closing Comment

by:twcadmin
ID: 33825359
Thanks for the thoughts and resources.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
This article was originally published on Monitis Blog, you can check it here . Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question