Web security experts agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the "attack surface" of HTML — providing more avenues by which malicious code can be delivered through the Web.
"HTML5 has an enormous amount of functionality. The (specification) is just huge," said Jeremiah Grossman of Web security firm WhiteHat. The breadth of the new specification gives him concern. "I know that we're still finding vulnerabilities in HTML4," Grossman said."
Link to Original Source