Displaying items by tag: HTML

The World Wide Web Consortium (W3C) today took two important steps on the path of standardization for the new version of HTML. We now have a release "candidate recommendation" for Hypertext Markup Language 5, thus making it very clear that the development of HTML5 is coming to an end. Another important step is the issue of the first draft of the HTML5.1 standard, which is being developed in parallel with HTML5.

In what has to be humorous to those of us that called this last year (yes I was one of them) it has now come out that HTML5 is more full of holes than your average sieve. According to a study out now it appears that HTML5 opens up some serious risks including allowing malicious code to execute cross-domain APIs, ClickJacking, Frame impersonation and worse. One of the problems is that HTML5 (like many other things from Apple) is not compatible with other standards on the net. Some of the “security” features that exist on to prevent cross scripting and window framing (where you put a frame inside a legitimate window to execute malicious code) are rendered useless by the technology in HTML5.

Other items that are bundled into the code are vulnerabilities that allow a service to register itself as a content handler without notifying the user, and a caching API that can be skimmed to collect user information (location, time of last visit and possible the actual page visited) in much the same way that Google’s Chrome browser can. In all there are some 50 Vulnerabilities that were listed in the report which is of serious concern considering Apple’s push to put this technology in place. Perhaps Apple feels that they can ignore these and continue on with their charmed life, or that their OS would be impervious to any threats. No matter the cause, considering Steve Jobs’ impassioned rants about Adobe and how their products are security risks it is more than a little amusing.

Source The Inquirer

Talk about this in our Forum