[whatwg] Which mechanisms does HTML5 have in place to combat XSS attacks?
Ian Hickson
ian at hixie.ch
Tue Dec 7 17:12:29 PST 2010
On Tue, 14 Sep 2010, zhao Matt wrote:
>
> I know Mozilla and Microsoft have provided some ways (respectively, CSP, XSS
> filter) to mitigate or detect XSS attacks.
> so I wonder whether HTML5 will present an approach to fight this attacks?
"XSS" is a pretty broad range of attacks. HTML has a number of features
designed to prevent XSS attacks, for example the origin security policy,
the <iframe sandbox> feature, and the text/html-sandboxed MIME type.
Others have also been proposed, such as a syntax to embed text as base64
data safely.
HTH. If you have any specific questions please don't hesitate to raise
them.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list