[WEB SECURITY] HTML5 is now a First Public Working Draft

Thomas Roessler tlr at w3.org
Thu Jan 24 14:52:59 EST 2008


Hello,

W3C has released a First Public Working Draft for HTML5 this week:

   http://www.w3.org/TR/html5/

The specification defines, as its subtitle says, "A vocabulary and  
associated APIs for HTML and XHTML."

Among the APIs that are defined, some seem particular relevant from a  
security perspective, so I'd encourage you to review them and share  
any comments that you might have. Specifically:

	6.4. Cross-document messaging
	http://www.w3.org/TR/html5/#cross-document

	5.3. Drag and drop
	http://www.w3.org/TR/html5/#dnd

	4.9. Determining the type of a new resource in a browsing context
	http://www.w3.org/TR/html5/#content-type-sniffing
	
	4.10. Client-side session and persistent storage of name/value pairs
	http://www.w3.org/TR/html5/#storage

	4.11. Client-side database storage
	http://www.w3.org/TR/html5/#sql

The HTML Working Group (which is working on this document) solicits  
comments to the mailing list public-html-comments at w3.org, archived here:

  	http://lists.w3.org/Archives/Public/public-html-comments/

Please note that the specification is currently a Working Draft, and  
not stable.  In the words of the "Status of this Document" section:  
"Implementors should be aware that this specification is not stable.  
Implementors who are not taking part in the discussions are likely to  
find the specification changing out from under them in incompatible  
ways. Vendors interested in implementing this specification before it  
eventually reaches the Candidate Recommendation stage should join the  
aforementioned mailing lists and take part in the discussions."

For details and background about the Working Group itself, please see  
its home page:

	http://www.w3.org/html/wg/

Regards,
-- 
Thomas Roessler, W3C   <tlr at w3.org>





----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list