HTML5 – Threats and Opportunities
A few days ago, the BBC reported that a young boy from Stanford University, named Feross Aboukhadijeh, had discovered a flaw in the implementation of the HTML5 web programming language on multiple browsers, which could be tapped to fill the entire disk garbage on computer hard drive.
This hole could allow websites bombarding users with many gigabytes of garbage data, such as drawings of cats, as shown. The only browser that managed to stop junk data was Firefox, the rest: Chrome, Explorer, Safari and Opera, have been affected by this bug.
The problem is how HTML5 handles the local data storage, one of the changes brought about this new language and that allows us to store more local data in the users computers.The storage limit depends on each browser, but all allow you to save at least 2.5 megabytes. Firefox has not been affected as its implementation of localStorage is smarter.
Although no attacks have been observed in HTML5, this is one of the vectors by which security threats can arise. More challenges facing the new standard are, for example, the cross-document messaging, abuse of attributes or input devices validations.
Why do we deed HTML5?
The HTML 5 standard has become so hard in all kinds of systems and device that has become indispensable for developers. Apple and Google have been the standard bearers of this new language, while Adobe Flash and Microsoft Silverlight have surrendered to their advantages.
To begin it is free, open source and customizable, since it is not native. It is faster for developers and evolves quickly, because it is being incorporated in browsers. It also provides interactivity. Developers now have tools such as CSS3, SVG or Canvas, which allow them to create web pages and applications with animations, rich text, video or images without any plugins or software, introducing only labels.
In 2008, the first version was completed, including the fifth versions of both HTML syntax variant as XHTML, but it was in 2010, when they took the HTML5 with a final impetus when new versions of the major browsers were compatible and YouTube started offering their HTML5 video player.
At this rate, the future prospects are very good: it is estimated that by 2015, 80% of the applications will be built, even partially, in HTML5.