Revision as of 10:36, 27 May 2008

Would you like fries with that?

-- a security-minded reader's guide to HTML5

Slides (pdf)

HTML5 resources

Specific parts of the specification that were mentioned during the talk:

Also of interest, but added even more recently:

iframe sandboxing; summary of concepts

Cross-domain XMLHttpRequest

Note that the "access-control" specification provides a mechanism for authorizing exceptions to the same-origin policy. How that authorization (and the data retrieved) is used isn't actually specified. For XMLHttpRequest, the governing specification is XMLHttpRequest Level 2. Don't read one without the other.

Also relevant:

IE Team's proposal for Cross Site Requests (XDomainRequest)

Relevant work is currently occuring in the Web API and Web Application Formats Working Groups at W3C. A proposed restructuring of that work is currently being negotiated.

Revision as of 10:32, 27 May 2008 (view source) Tlr (talk \| contribs) (→‎Cross-domain XMLHttpRequest) ← Older edit		Revision as of 10:36, 27 May 2008 (view source) Tlr (talk \| contribs) (→‎Cross-domain XMLHttpRequest) Newer edit →
Line 38:		Line 38:

	* [http://lists.w3.org/Archives/Public/public-appformats/2008Mar/0017.html IE Team's proposal for Cross Site Requests] (XDomainRequest)		* [http://lists.w3.org/Archives/Public/public-appformats/2008Mar/0017.html IE Team's proposal for Cross Site Requests] (XDomainRequest)
		+
		+	Relevant work is currently occuring in the [http://www.w3.org/2006/webapi/ Web API] and [http://www.w3.org/2006/appformats/ Web Application Formats] Working Groups at W3C. A [http://www.w3.org/2007/12/WebApps-Charter-2007 proposed restructuring] of that work is currently being negotiated.

Difference between revisions of "AppSecEU08 HTML5"

Revision as of 10:36, 27 May 2008

Would you like fries with that?

HTML5 resources

Cross-domain XMLHttpRequest

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools