Computerworld - The European Union's computer security agency warned that the draft HTML5 standard may neglect important security issues.
The European Network and Information Security Agency (ENISA) on Aug. 1 released a 61-page document that cited 51 security problems in the draft HTML5 specifications.
"It's the first time anyone has looked at those specifications from a security point of view," said Giles Hogben, program manager for secure services at ENISA.
Some of the security issues can be fixed by tweaking the specifications, while others are risks that browser users should be warned about, Hogben said.
ENISA also recommended "sandboxed," or isolated, browser sessions to protect online financial transactions in one browser window from being hijacked by malware in another open browser window.
HTML5 is curated by the World Wide Web Consortium, which will consider the suggestions and revise the specifications by January.
Application designers and Web developers will use the HTML5 specifications for years to come. The HTML4 specifications, for example, have been in use since 1999.
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
