Security a Concern As HTML5 Advances - Slashdot

Slashdot

Security a Concern As HTML5 Advances 234

Posted by Soulskill on Friday September 17, 2010 @01:45PM
from the new-armor-with-new-holes dept.

Trailrunner7 writes "Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said."

This discussion has been archived. No new comments can be posted.

Security a Concern As HTML5 Advances

Search 234 Comments Log In/Create an Account

Comments Filter:

Not HTML5 (Score:5, Informative)

by Anonymous Coward writes: on Friday September 17, 2010 @02:02PM (#33613270)

Google's "dancing balls" wasn't HTML5, it was divs, javascript and CSS border radius.

Share
twitter facebook linkedin
Re:Those who complain about PDF w/scripts (Score:5, Informative)

by AndrewNeo (979708) writes: on Friday September 17, 2010 @02:23PM (#33613490) Homepage

Er, why don't you just set plugins to only start when you tap them?

Parent Share
twitter facebook linkedin
Re:Those who complain about PDF w/scripts (Score:2, Informative)

by GravityStar (1209738) writes: on Friday September 17, 2010 @02:40PM (#33613674)

The browser can be set to only load flash on request. That makes it functionally similar to flashblock with firefox.

Parent Share
twitter facebook linkedin
Re:I don't know about the rest of you (Score:3, Informative)

by WankersRevenge (452399) writes: on Friday September 17, 2010 @02:54PM (#33613822)

Just because a spec isn't finalized doesn't mean some of the feature haven't been implemented. You can find what's been implemented [html5readiness.com] and just maybe, impress your boss.

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

710 commentsProminent GitHub Engineer Julie Ann Horvath Quits Citing Harrassment
578 commentsMichael Bloomberg: You Can't Teach a Coal Miner To Code
458 commentsSurvey: 56 Percent of US Developers Expect To Become Millionaires
452 commentsLies Programmers Tell Themselves
391 commentsToward Better Programming

"Card readers? We don't need no stinking card readers." -- Peter da Silva (at the National Academy of Sciencies, 1965, in a particularly vivid fantasy)