Posts Tagged ‘html 5’

HTML5 Security – Do Your Homework

HTML5 security is still a rare topic. Since this is a new format for those who are diving into HTML5 it should be learned well. The security of HTML5 is dependent on webmasters and web designers and those who create the standards. Read on to find out more information on HTML5 security here in this quick article.



There are many new applications that can be applied with HTML5 and those with bad intentions are learning them just as fast as the rest of the world. HTML5 has the ability to store much more information on a browser than past html code. So far the risk has been targeted to those who use a workstation, then leave the workstation. A new person taking up where the first person left off would have access to data likely categorized as personal. While this has already been happening for years with the current coding standards, it will be magnified with HTML5.

Older versions of html only allowed javascript to access information to an original server using XML HTTP requests in times past. HTML5 allows much more of these connections to exist with more servers. What will be done about those requests that end up being called up from bad servers ? HTML5 security may be required at the level of the browser in this case. Plugins are not as popular as they once were, but if a browser is not updated regularly in this case, the people with destructive intentions could get the upper hand. Some software is created to update automatically without permission from the owner of the computer. Adobe products sometimes do this. Browsers may need to do it also for HTML5 security.

Developers are going to be building applications that will use HTML5 similar to the way applications are used in mobile devices. HTML5 security will then involve those developers to use caution when using the “PostMessage()” command. The command has the ability to be spoofed ( presented as real when actually false ) with destructive code.

As usual, Internet Explorer implements some HTML5 code differently than Firefox or Safari and some other browsers. Some people advocate never using Internet Explorer because of its differences from what is considered “normal” for browsers. The code in point is called “cross-origin resource sharing”. A suggestion for developers who want to create secure HTML5 code is to study what makes the difference in an overly open access control list and one that is secure. Apparently some reference code in this area is readily insecure.

HTML5 security concerning iFrames is already being addressed. IFrames may receive a sandbox attribute. This will allow those who are designing the iFrame to determine how data will be communicated. The iFrame command can be disabled if needed. This will protect a website from malicious advertising or any other information that is so easily obtained from unreliable locations by an iFrame.


The battle will be raging for HTML5 security for some time to come. Those who will be doing the conquering are those who do their homework. Sites are being set up now for those want to do that homework. Do your part and look them up.

104 comments - What do you think?  Posted by admin1  Date: Sunday, October 17, 2010

Categories: html5 tutorial   Tags: , ,