
Programming Security

The Security Risks of HTML5 Development

Posted by samzenpus
from the protect-ya-neck dept.
CowboyRobot writes "Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript. An attacker could retrieve this data or manipulate the data, which would then get used again later by the application and may be uploaded back to the server to attack others, as well. Another risk comes from using 3rd-party code. Until HTML5, JavaScript was limited to requesting resources from the domain from which it was loaded, but with the addition of cross-origin resource sharing (CORS), this has been changed to allow JavaScript to request resources from different domains. This offers increased functionality but requires strict usage policies or risks being abused."
This discussion has been archived. No new comments can be posted.
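
An added illustration of the two risks named in the summary (not part of the Slashdot post or its comments): data read back from localStorage is validated as untrusted input before use, and CORS response headers are issued only for an exact-match origin allowlist. The storage key, field names, allowed origin and the in-memory stand-in for `window.localStorage` are assumptions made for this example.

```javascript
// Added example; KEY, the field names and ALLOWED_ORIGINS are assumptions.
const KEY = "prefs";
const THEMES = new Set(["light", "dark"]);
const DEFAULTS = Object.freeze({ theme: "light", displayName: "", pageSize: 20 });

// Read preferences back from Web Storage as untrusted input: any script on the
// origin (or the user) may have rewritten them since the application stored them.
function loadPrefs(storage) {
  let raw;
  try {
    raw = JSON.parse(storage.getItem(KEY) ?? "null");
  } catch {
    return { ...DEFAULTS }; // not valid JSON: discard everything
  }
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
    return { ...DEFAULTS };
  }
  const out = { ...DEFAULTS }; // copy known keys only, so extra fields are dropped
  if (typeof raw.theme === "string" && THEMES.has(raw.theme)) out.theme = raw.theme;
  if (typeof raw.displayName === "string" && /^[\p{L}\p{N} _.-]{1,40}$/u.test(raw.displayName)) {
    out.displayName = raw.displayName;
  }
  if (Number.isInteger(raw.pageSize) && raw.pageSize >= 1 && raw.pageSize <= 100) {
    out.pageSize = raw.pageSize;
  }
  return out;
}

// Server side of CORS: compare the request's Origin header against an exact
// allowlist and return no CORS headers otherwise (no wildcard, no reflection).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
function corsHeaders(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) return {};
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

// Constructed stand-in for window.localStorage so the example runs outside a browser.
function fakeStorage(initial) {
  const m = new Map(Object.entries(initial));
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}

// Constructed sample: a stored record that has been edited on the client.
const tampered = fakeStorage({
  prefs: '{"theme":"dark","displayName":"<b>not a name</b>","pageSize":1e9,"isAdmin":true}',
});
console.log(loadPrefs(tampered));
console.log(corsHeaders("https://app.example.com.other.example"));
```

Validation on read limits what a modified record can do in the page; anything later uploaded to the server still has to be validated again there.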

  • by Anonymous Coward on Monday June 24, 2013 @05:25AM (#44090541)

    developer, before the rise of the cyber-douchebag, was someone who built houses for people to live in, or maybe a shopping center or something.

    engineer, before the rise of the cyber-douchebag, was someone who had to get a license in order to build machines that might hurt people if designed wrong

    programmer, before the rise of the cyber-douchebag, used to be happy with their good pay and didn't need to call themselves something they weren't.

  • Re:Stop it. (Score:5, Funny)

    by 0123456 (636235) on Monday June 24, 2013 @06:42AM (#44090831)

    But the future is web apps replacing local apps so they can run anywhere.

    Except on tablets and phones, where the future is local apps replacing web apps.

    Or something.

    HTML5 looks like a total clusterfsck from here.
