Skip the navigation

European security agency issues HTML5 warning

By Jeremy Kirk
August 22, 2011 06:00 AM ET

Computerworld - The European Union's computer security agency warned that the draft HTML5 standard may neglect important security issues.

The European Network and Information Security Agency (ENISA) on Aug. 1 released a 61-page document that cited 51 security problems in the draft HTML5 specifications.

"It's the first time anyone has looked at those specifications from a security point of view," said Giles Hogben, program manager for secure services at ENISA.

Some of the security issues can be fixed by tweaking the specifications, while others are risks that browser users should be warned about, Hogben said.

ENISA also recommended "sandboxed," or isolated, browser sessions to protect online financial transactions in one browser window from being hijacked by malware in another open browser window.

HTML5 is curated by the World Wide Web Consortium, which will consider the suggestions and revise the specifications by January.

Application designers and Web developers will use the HTML5 specifications for years to come. The HTML4 specifications, for example, have been in use since 1999.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on

Read more about Security in Computerworld's Security Topic Center.

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!