Slashdot Mirror


Security a Concern As HTML5 Advances

Trailrunner7 writes "Every technology innovation has its coming out party, and Google Inc.'s recent 'dancing balls' logo experiment was widely interpreted as a high-impact debut for HTML5. But web security experts are warning that the sprawling new web standard may favor functionality over security, enabling a new generation of powerful web-based attacks. They agree that there are security enhancements in HTML5, but all expressed the same concern: that the new specification will greatly increase the 'attack surface' of HTML — providing more avenues by which malicious code can be delivered through the web. 'HTML5 has an enormous amount of functionality. The (specification) is just huge,' said Jeremiah Grossman of security firm WhiteHat. The breadth of the new specification gives him concern. 'I know that we're still finding vulnerabilities in HTML4,' Grossman said."

3 of 234 comments (clear)

  1. security is built in the application, not platform by Michael+Kristopeit · · Score: -1, Troll

    if an idiot developer wants to make an application in an insecure way, the platform can not stop them.

  2. Re:Dancing balls? by Anonymous Coward · · Score: -1, Troll

    Get a modern machine and you wont have any issues. Alternatively, you can shut the hell up and not use any html5 enabled websites.

  3. Thanks Apple by MogNuts · · Score: -1, Troll

    Thanks Apple.

    All because you wanted to be greedy and only let media be delivered through you, instead of other websites being able to deliver it.

    So instead of being able to use adblock, to block malware and only view video when we chose, we're screwed. We have no recourse.

    I saw this coming a mile away the second Apple fanboys began defending Apple's position.