HTML5 Security Facts Developers Should Keep in Mind
Application security pros say HTML5 brings with it a new set of security concerns for developers.

The war of words between Apple and Adobe Systems has prompted plenty of speculation about the fate of HTML5. But while HTML5 remains a work in progress, the one thing that is certain is that developers who adopt HTML5 will have a new set of features to consider as part of the application security development life cycle. So how will HTML5 impact the attack surface you have to cover? eWEEK spoke to some security experts and got feedback on a few key areas.
Iframe security

There is good news about HTML5 from a security perspective, such as plans to support a sandbox attribute for iframes.

"This attribute will allow a developer to choose how data should be interpreted," Wysopal said. "Unfortunately, this design, like much of HTML, has a pretty high chance of being misunderstood by developers and may easily be disabled for the sake of convenience. If done properly, it could help protect against malicious third-party ads or anywhere else that accepts untrusted content to be redisplayed."
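
An added example (not from the original article or from anyone quoted in it): a small Node.js check that reads the iframe tags in an HTML string and reports how each one uses the sandbox attribute, including the loosened-for-convenience case the quote above describes. The sample markup, the `ads.example` host, the function names and the verdict labels are assumptions made for illustration.

```javascript
// Added example: audit how iframes in a page use the HTML5 sandbox attribute.
// SAMPLE is constructed markup; ads.example is a placeholder host.
const SAMPLE = `
<iframe src="https://ads.example/banner.html"></iframe>
<iframe src="https://ads.example/banner.html" sandbox></iframe>
<iframe src="/widgets/comments.html" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="https://ads.example/banner.html" sandbox="allow-scripts allow-popups"></iframe>
`;

// Parse the attributes of one opening tag (quoted, unquoted or valueless).
function parseAttrs(tag) {
  const attrs = Object.create(null);
  const body = tag.replace(/^<iframe/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per iframe. A regex scan is enough for this sample;
// a real audit should walk the DOM or use an HTML parser.
function auditIframes(html) {
  return (html.match(/<iframe\b[^>]*>/gi) || []).map((tag) => {
    const attrs = parseAttrs(tag);
    const src = attrs.src || "";
    // No sandbox attribute at all: framed content runs with no added limits.
    if (!("sandbox" in attrs)) return { src, tokens: null, verdict: "unsandboxed" };
    const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    // An empty value applies every restriction; each allow-* token lifts one.
    let verdict = tokens.length === 0 ? "fully-sandboxed" : "restricted";
    // allow-scripts plus allow-same-origin lets a same-origin framed page
    // script its way to the embedding element and remove the attribute.
    if (tokens.includes("allow-scripts") && tokens.includes("allow-same-origin")) {
      verdict = "weak";
    }
    return { src, tokens, verdict };
  });
}

for (const f of auditIframes(SAMPLE)) {
  console.log(f.verdict.padEnd(16), f.src, f.tokens ? `[${f.tokens.join(" ")}]` : "");
}
```
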