Difference between revisions of "AppSecEU08 HTML5"

(Would you like fries with that?)
(Contact)
Line 43: Line 43:
 
== Contact ==
 
== Contact ==
  
Thomas Roessler, W3C Security Activity Lead, [mailto:[email protected]]
+
Thomas Roessler, W3C Security Activity Lead, [mailto:[email protected] [email protected]]

Revision as of 10:37, 27 May 2008

Would you like fries with that?

-- a security-minded reader's guide to HTML5

HTML5 resources

Specific parts of the specification that were mentioned during the talk:

Also of interest, but added even more recently:

Cross-domain XMLHttpRequest

Note that the "access-control" specification provides a mechanism for authorizing exceptions to the same-origin policy. How that authorization (and the data retrieved) is used isn't actually specified. For XMLHttpRequest, the governing specification is XMLHttpRequest Level 2. Don't read one without the other.

Also relevant:

Relevant work is currently occurring in the Web API and Web Application Formats Working Groups at W3C. A proposed restructuring of that work is currently being negotiated.

Contact

Thomas Roessler, W3C Security Activity Lead, [email protected]