| (2 intermediate revisions by one other user not shown) |
| Line 1: |
Line 1: |
| − | = Introduction =
| + | Moved to [[HTML5 Security Cheat Sheet]] |
| − | = HTML 5 =
| |
| − | | |
| − | == Browser Securability Chart ==
| |
| − | There are a few sites charting browser capabilities as they related to the HTML 5 / CSS 3 standard. I have not seen any that mention security. There may not be a need for it, but
| |
| − | e.g. 'sandbox' will be ignored in down browsers, but which HTML 5 compliant browsers support it. If there are differences in implementations, my assumption is that there will be differences in security configuration / settings.
| |
| − | | |
| − | == Cross Origin Request ==
| |
| − | | |
| − | == Input Validation ==
| |
| − | | |
| − | == Local Storage (a.k.a. Offline Storage, Web Storage) ==
| |
| − | | |
| − | == WebDatabase ==
| |
| − | | |
| − | == WebSockets ==
| |
| − | | |
| − | == Geolocation ==
| |
| − | | |
| − | == Use the "sandbox" attribute for untrusted content (iFrame) ==
| |
| − | [[http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox]] | |
| − | | |
| − | == Content Deliverability ==
| |
| − | CDN or src links to foreign domains = know your content
| |
| − | | |
| − | == Progressive Enhancements and Graceful Degradation Risks ==
| |
| − | The best practice now is to determine the capabilities that a browser supports and augment with some type of substitute for capabilities that are not directly supported. This may mean an onion-like element, e.g. falling through to a Flash Player if the <video> tag is unsupported, or it may mean additional scripting code from various sources that should be code reviewed.
| |
| − | | |
| − | = CSS 3 =
| |
| − | I haven't seen any specific to CSS 3 and it's been a while since I worried about url / !import. I think privacy leaks are the most well know - e.g. querying global history using :visited (https://bugzilla.mozilla.org/show_bug.cgi?id=147777)
| |
| − | | |
| − | = Javascript and Javascript Frameworks =
| |
| − | Do we have cheatsheets for Javascript (e.g. use closures, protect the global namespace) or any of the frameworks like JQuery, script.aculo.us, Prototype, Mootools
| |
| − | | |
| − | = Related Cheat Sheets =
| |
| − | {{Cheatsheet_Navigation}}
| |
| − | | |
| − | = Authors and Primary Editors =
| |
| − | | |
| − | [[Category:How To]]
| |
| − | [[Category:Cheatsheets]]
| |
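Review bot: the added line `Moved to [[HTML5 Security Cheat Sheet]]` is plain text with a link, not a redirect, so anyone arriving at the old title has to click through; `#REDIRECT [[HTML5 Security Cheat Sheet]]` would forward them automatically. The removed body also holds the only two external references on this page, the WHATWG sandbox post under the iframe heading and Mozilla bug 147777 on `:visited` history querying under CSS 3, so confirm both were carried over to the target page. The open questions in the removed text (which HTML 5 browsers actually honour `sandbox`, and whether JavaScript framework cheat sheets exist) are also lost unless they were moved to the target or its talk page.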