Security a Concern As HTML5 Advances - Slashdot

Slashdot

Follow Slashdot stories on Twitter

Security a Concern As HTML5 Advances 234

Posted by Soulskill on Friday September 17, 2010 @12:45PM
from the new-armor-with-new-holes dept.

Trailrunner7 writes "Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said."

This discussion has been archived. No new comments can be posted.

Security a Concern As HTML5 Advances

Search 234 Comments Log In/Create an Account

Comments Filter:

Not HTML5 (Score:5, Informative)

by Anonymous Coward writes: on Friday September 17, 2010 @01:02PM (#33613270)

Google's "dancing balls" wasn't HTML5, it was divs, javascript and CSS border radius.

Share
twitter facebook linkedin
Re:Those who complain about PDF w/scripts (Score:5, Informative)

by AndrewNeo (979708) writes: on Friday September 17, 2010 @01:23PM (#33613490) Homepage

Er, why don't you just set plugins to only start when you tap them?

Parent Share
twitter facebook linkedin
Re:Those who complain about PDF w/scripts (Score:2, Informative)

by GravityStar (1209738) writes: on Friday September 17, 2010 @01:40PM (#33613674)

The browser can be set to only load flash on request. That makes it functionally similar to flashblock with firefox.

Parent Share
twitter facebook linkedin
Re:I don't know about the rest of you (Score:3, Informative)

by WankersRevenge (452399) writes: on Friday September 17, 2010 @01:54PM (#33613822)

Just because a spec isn't finalized doesn't mean some of the feature haven't been implemented. You can find what's been implemented [html5readiness.com] and just maybe, impress your boss.

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

643 commentsJustified: Visual Basic Over Python For an Intro To Programming
449 commentsHow We'll Program 1000 Cores - and Get Linus Ranting, Again
382 commentsIs D an Underrated Programming Language?
355 commentsSchool Defied Google and US Government, Let Boys Program White House Xmas Trees
307 commentsGoogle Suggests Separating Students With 'Some CS Knowledge' From Novices

The sooner you fall behind, the more time you have to catch up.