• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 787
  • Last Modified:

HTML5 Vulnerabilities

With HTML5 being such an innovation in the dynamic internet, what is to prevent it from opening such a larger attack surface for users?

I would assume that since so many dynamic elements are implemented in HTML5 to replace things such as flash, wouldn't more people be more vulnerable?
0
twcadmin
Asked:
twcadmin
3 Solutions
 
bupperCommented:
It is up to the individual browser to protect the user from attacks. Some browsers are more secure than others -- for example, Mozilla Firefox has a good track record.

In general though, HTML5 would indeed open a larger surface for attacks, and the browsers are hopefully taking note and taking appropriate measures. Here is a good article on this:
http://www.pcworld.com/businesscenter/article/203794/html5_raises_new_security_issues.html
0
 
btanExec ConsultantCommented:
Client-side storage - Earlier versions of HTML only allow sites to store cookies as local information, and these are relatively small and only useful for storing simple profile information or identifiers for data stored elsewhere, such as a session ID. HTML5 LocalStorage, however, allows much greater amounts of data to be stored locally by the browser, permitting new types of applications.

I always see it as Security (assurance needs) Vs Convenience (operational needs)

Cross-domain communication - While other versions of HTML would only allow JavaScript to make XML HTTP request calls back to the original server, HTML5 has relaxed this restriction so that XML HTTP requests can be made to any server that allows them.

Iframe security - support a sandbox attribute for iframes but this design, like much of HTML, has a pretty high chance of being misunderstood by developers and may easily be disabled for the sake of convenience.

Pls also see this link for more of it
http://www.networkworld.com/news/2010/082010-html5-raises-new-security.html
0
 
madunixChief Information Security Officer Commented:
0
 
twcadminAuthor Commented:
Thanks for the thoughts and resources.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now