[html5] Help with html 5 security

Ian Hickson ian at hixie.ch
Tue Jun 14 17:02:46 PDT 2011

On Tue, 22 Mar 2011, Mario Juric wrote:
> I'd like to ask if anyone has any information on html5 security and how 
> it varies from previous versions of html, given the fact it's a work in 
> progress it's bound to have some glitches. Some examples of website 
> based attack, methods for security testing and any kind of simple html5 
> security tutorial would be appreciated

HTML5 is just HTML, so the security model is the same. We've added some 
new things recently, e.g. the sandbox iframe, text/html-sandboxed, CORS, 
and typemustmatch="". You can find out more about those in the spec:


Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the Help mailing list