This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "HTML 5 Cheat Sheet"

Jump to: navigation, search
(Initial outline)
m (Replaced content with "Moved to HTML5 Security Cheat Sheet")
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
= Introduction =
Moved to [[HTML5 Security Cheat Sheet]]
= HTML 5 =
== Browser Securability Chart ==
There are a few sites charting browser capabilities as they related to the HTML 5 / CSS 3 standard.  I have not seen any that mention security.  There may not be a need for it, but
e.g. 'sandbox' will be ignored in down browsers, but which HTML 5 compliant browsers support it.  If there are differences in implementations, my assumption is that there will be differences in security configuration / settings.
== Cross Origin Request ==
== Input Validation ==
== Local Storage (a.k.a. Offline Storage, Web Storage) ==
== WebDatabase ==
== WebSockets ==
== Geolocation ==
== Use the "sandbox" attribute for untrusted content (iFrame) ==
== Content Deliverability ==
CDN or src links to foreign domains = know your content
== Progressive Enhancements and Graceful Degradation Risks ==
The best practice now is to determine the capabilities that a browser supports and augment with some type of substitute for capabilities that are not directly supported.  This may mean an onion-like element, e.g. falling through to a Flash Player if the <video> tag is unsupported, or it may mean additional scripting code from various sources that should be code reviewed.
= CSS 3 =
I haven't seen any specific to CSS 3 and it's been a while since I worried about url / !import.  I think privacy leaks are the most well know - e.g. querying global history using :visited (
= Javascript and Javascript Frameworks =
Do we have cheatsheets for Javascript (e.g. use closures, protect the global namespace) or any of the frameworks like JQuery,, Prototype, Mootools
= Related Cheat Sheets =
= Authors and Primary Editors  =
[[Category:How To]]

Latest revision as of 23:04, 9 September 2011

Moved to HTML5 Security Cheat Sheet