Carsten Eilers, author of ‘HTML5 Security’ recently did a guest post for CTOvision regarding his chosen subject topic : HTML5 Security.
“HTML5 brings new opportunities – for developers and for attackers.
Here you will see two examples of how an attacker could abuse HTML5 and how you as a developer could prevent this (or not).
These are only two of many new or improved attacks on web clients. I chose them for two reasons: the first is a new attack, first described in December 2011 and not widely known to developers. The second shows a misuse of new HTML5 functionalities which have often has been overlooked.”