I've been playing pretty heavily with HTML5 for a while now, and actually my website is written in it. I should say lightly written in it, as I didn't take advantage of the new semantics in defining the page structure (section, article, etc.) except for the <header> element. I used the HTML5 DOCTYPE more to take advantage of the cool new CSS3 properties (box-shadow, border-radius, etc.) and values available. I know, I should use the new page structure and I will, but time was of the essence and I needed to get the site up and running, and I didn't completely understand the semantics of the new elements yet.
Basically my web pages are written in (X)HTML so I'm not too worried at the moment, but as I'm planning to get deeper into 5 and I'm beginning a new web site, I've become aware of some security issues at www.securityweek.com/top-10-security-threats-html5-black-hat that are arising with some of the new features that 5 provides.
There are plenty of resources out there I'm going to delve into, but the problem with many of them is they start at a level of understanding they assume I understand, which I don't, so it's hard for me to get an entry-level grasp on things. I do see I'm going to have to kick things up a few levels in the near future to be able to take full advantage of HTML5 and address the security issues involved.
I'm hoping someone here can give me a beginner's explanation of a few of these new features in HTML5:
- XMLHttpRequest (XHR)
- cross-origin resource sharing (CORS)
and address a few of the security issues with these components, like:
- CORS bypass
- Clickjacking
- HTML5-driven cross-site scripting using tags, events and attributes
- Exploiting Browser SQL points