Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

HTML5 Vulnerabilities

Posted on 2010-09-17
4
765 Views
Last Modified: 2013-11-19
With HTML5 being such an innovation in the dynamic internet, what is to prevent it from opening such a larger attack surface for users?

I would assume that since so many dynamic elements are implemented in HTML5 to replace things such as flash, wouldn't more people be more vulnerable?
0
Comment
Question by:twcadmin
4 Comments
 
LVL 5

Accepted Solution

by:
bupper earned 225 total points
ID: 33703127
It is up to the individual browser to protect the user from attacks. Some browsers are more secure than others -- for example, Mozilla Firefox has a good track record.

In general though, HTML5 would indeed open a larger surface for attacks, and the browsers are hopefully taking note and taking appropriate measures. Here is a good article on this:
http://www.pcworld.com/businesscenter/article/203794/html5_raises_new_security_issues.html
0
 
LVL 63

Assisted Solution

by:btan
btan earned 200 total points
ID: 33707568
Client-side storage - Earlier versions of HTML only allow sites to store cookies as local information, and these are relatively small and only useful for storing simple profile information or identifiers for data stored elsewhere, such as a session ID. HTML5 LocalStorage, however, allows much greater amounts of data to be stored locally by the browser, permitting new types of applications.

I always see it as Security (assurance needs) Vs Convenience (operational needs)

Cross-domain communication - While other versions of HTML would only allow JavaScript to make XML HTTP request calls back to the original server, HTML5 has relaxed this restriction so that XML HTTP requests can be made to any server that allows them.

Iframe security - support a sandbox attribute for iframes but this design, like much of HTML, has a pretty high chance of being misunderstood by developers and may easily be disabled for the sake of convenience.

Pls also see this link for more of it
http://www.networkworld.com/news/2010/082010-html5-raises-new-security.html
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 75 total points
ID: 33710671
0
 
LVL 5

Author Closing Comment

by:twcadmin
ID: 33825359
Thanks for the thoughts and resources.
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to count occurrences of each item in an array.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question