Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

+ - The Security Risks of HTML5 Development->

Submitted by CowboyRobot
CowboyRobot (671517) writes "Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript. An attacker could retrieve this data or manipulate the data, which would then get used again later by the application and may be uploaded back to the server to attack others, as well. Another risk comes from using 3rd-party code. Until HTML5, JavaScript was limited to requesting resources from the domain from which it was loaded, but with the addition of cross-origin resource sharing (CORS), this has been changed to allow JavaScript to request resources from different domains. This offers increased functonality but requires strict usage policies or risks being abused."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

The Security Risks of HTML5 Development

Comments Filter:

"Lead us in a few words of silent prayer." -- Bill Peterson, former Houston Oiler football coach

Working...