HTML 5? Maybe….

by Eric H
For this week’s blog, I found a scholar journal which I though it’s really interesting, its talking about the potential security risks related to HTML 5 and hybrid apps (app that will work both a lone without internet connection and also when it’s connected to online). HTML 5 includes many new security features, these new features are intended to solve problems that comes up when web pages starts using elements from other sources. In this article, the author uses iframe as an example. Iframe is used to embed content that is not part of the site. Example of the use iframe are advertisements, therefore if the iframe sections are not monitored frequently, the chance of getting infected with malicious code can be high (Steve, 2010). With HTML 5’s new mime type – text/html sandboxed, it prevents iframe from executing scripts, embedding forms, or reading or writing to cookies that’s on your computer. Another feature of HTML 5 is that it provides for client-side storage of information, it does more than just cookies, this new feature can handle up to MB of data, and it uses SQL database for storing it. Since SQL databases are also part of HTML 5, the risk of SQL injection attack on the client side will also apply to HTML 5 (Steve, 2010).

My article is about HTML 5, I find this article relates to this week’s in class lectures, as it talks about HTML 5 and all the new tags it introduced. This article focuses more on the potential security risk that arise with the use of HTML 5. The two I mentioned in my summary concerns me about the move over to HTML 5.  As we all know, most websites survive by places advertisements on their sites, and this applies to majority of all websites on the web, so the risk from getting infected by malicious codes, makes me think twice before entering a site with advertisements. However, storing data on client side to achieve faster speed is fine with me, and the risk of this doesn’t bother me as much as the issue with iframe.


Steve, M. (2010). Divide and conquer: the threats posed by hybrid apps and html 5 . Retrieved from