[whatwg] Which vulnerabilities in HTML4 are (partially) solved in HTML5

Aryeh Gregor Simetrical+w3c at gmail.com
Sun Sep 12 17:14:02 PDT 2010


On Thu, Sep 9, 2010 at 2:20 PM, zhao Matt <mattzhaoweb at gmail.com> wrote:
> I saw the iframe element adds the attribute 'sandbox' in HTML5, which can
> better protect users from malicious content.
> So I want to know whether or not there are other changes, HTML5 can
> (partially) solve some vulnerabilities in HTML4?
> Thanks.

HTML5 adds a huge number of features to HTML 4.  All of them are
designed with security in mind (hopefully), but most are not
specifically security-related.  CSP and STS are examples of two web
standards that are being developed that are targeted at reducing
existing security problems (STS is implemented in Firefox 4), but
neither is part of HTML5.  A list of significant changes from HTML 4
to HTML5 can be found here:

http://dev.w3.org/html5/html4-differences/


