New standards under development as part of HTML5 neglect important security issues, according to a European Network and Information Security Agency (ENISA) report.
ENISA examined 13 specifications within HTML5 and found 51 security issues. The specifications are important because application designers and Web developers will use them as a guide for several years.
"I think this is special in that it's the first time anyone has looked at those suites of specifications together from a security point of view," says ENISA's Giles Hogben.
Some of the issues can be fixed by making minor changes to the specifications, while other risks are based on features that users should know about. The HTML5 specification allows for a submit button for a Web-based form to be placed anywhere on a Web page, which makes it possible for an attacker to inject other HTML onto the page and cause the information in the form to be sent to the attacker rather than the legitimate Web site.
The World Wide Web Consortium, which curates HTML5, plans to revise the specifications by January 2012.
From IDG News Service
View Full Article
No entries found