Slashdot Mirror


Security a Concern As HTML5 Advances

Trailrunner7 writes "Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said."

4 of 234 comments

  1. Not HTML5 by Anonymous Coward · Score: 5, Informative

    Google's "dancing balls" wasn't HTML5, it was divs, JavaScript and CSS border radius.

  2. Re:Those who complain about PDF w/scripts by AndrewNeo · Score: 4, Informative

    Er, why don't you just set plugins to only start when you tap them?

  3. Re:Those who complain about PDF w/scripts by GravityStar · Score: 2, Informative

    The browser can be set to only load Flash on request. That makes it functionally similar to Flashblock with Firefox.

  4. Re:I don't know about the rest of you by WankersRevenge · Score: 2, Informative

    Just because a spec isn't finalized doesn't mean some of the features haven't been implemented. You can find what's been implemented and just maybe, impress your boss.