[WEB SECURITY] Re: HTML5 is now a First Public Working Draft

Hoffman, Billy billy.hoffman at hp.com
Thu Jan 24 17:28:06 EST 2008


Don't forgot Offline events and manifest files, paving the way for web applications that work transparently when connected to the Internet or not.

This is virtually the same as wha the WHATWG came up with (makes sense seeing as that was the base document). We have a lot of this now. Firefox 2 has DOMStorage, Google Gears provides offline manifests and a client-side SQLite database. Still, its exciting to see it codified.


Billy Hoffman
--
Manager, HP Security Labs
HP Software
Phone: 678-781-4800
Direct: 678-781-4845
http://www.hp.com

-----Original Message-----
From: Thomas Roessler [mailto:tlr at w3.org]
Sent: Thursday, January 24, 2008 3:25 PM
To: Thomas Roessler
Cc: websecurity at webappsec.org
Subject: [WEB SECURITY] Re: HTML5 is now a First Public Working Draft


On 24 Jan 2008, at 20:52, Thomas Roessler wrote:
> Among the APIs that are defined, some seem particular relevant from
> a security perspective, so I'd encourage you to review them and
> share any comments that you might have. Specifically:

I forgot to mention:

        6.2. Server-sent DOM events
        http://www.w3.org/TR/html5/#server-sent-events

        6.3. Network connections
        http://www.w3.org/TR/html5/#network

>
>
>       6.4. Cross-document messaging
>       http://www.w3.org/TR/html5/#cross-document
>
>       5.3. Drag and drop
>       http://www.w3.org/TR/html5/#dnd
>
>       4.9. Determining the type of a new resource in a browsing context
>       http://www.w3.org/TR/html5/#content-type-sniffing
>
>       4.10. Client-side session and persistent storage of name/value pairs
>       http://www.w3.org/TR/html5/#storage
>
>       4.11. Client-side database storage
>       http://www.w3.org/TR/html5/#sql
>
> The HTML Working Group (which is working on this document) solicits
> comments to the mailing list public-html-comments at w3.org, archived
> here:
>
>       http://lists.w3.org/Archives/Public/public-html-comments/
>
> Please note that the specification is currently a Working Draft, and
> not stable.  In the words of the "Status of this Document" section:
> "Implementors should be aware that this specification is not stable.
> Implementors who are not taking part in the discussions are likely
> to find the specification changing out from under them in
> incompatible ways. Vendors interested in implementing this
> specification before it eventually reaches the Candidate
> Recommendation stage should join the aforementioned mailing lists
> and take part in the discussions."
>
> For details and background about the Working Group itself, please
> see its home page:
>
>       http://www.w3.org/html/wg/
>
> Regards,
> --
> Thomas Roessler, W3C   <tlr at w3.org>
>
>
>
>

--
Thomas Roessler, W3C   <tlr at w3.org>





----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list