[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Good Article on HTML5 Security Features?

From: Christian Frichot <xntrik@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Good Article on HTML5 Security Features?
Date: Wed, 3 Mar 2010 06:49:23 +0800

--0016e640d4788016730480d92e7e
Content-Type: text/plain; charset=ISO-8859-1

I enjoyed this article on the "sandbox" attribute. But it's not really a
write up on all the features, just that particular feature.

http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox

On Tue, Mar 2, 2010 at 7:37 PM, Yiannis Pavlosoglou <yiannis@owasp.org>wrote:

> I've been keeping tabs on the corresponding [html5] mailing list for quite
> some time now. Nothing solely security related has surfaced there as a
> single doc either, maybe it's about time someone put one together.
>
> Thanks,
>
> Yiannis
>
>
> On 1 March 2010 18:53, <robert@webappsec.org> wrote:
>
>> Anyone aware of a decent write up on the new HTML 5 security related
>> features  (origin header, keygen, etc?)
>>
>> Note: I am not looking for a link to the massive spec :)
>>
>> Regards,
>> - Robert A.
>> http://www.webappsec.org/
>> http://www.cgisecurity.com/
>> http://www.qasec.com/
>>
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/archive/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>> Join WASC on LinkedIn
>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>>
>


-- 
Christian Frichot
e: xntrik@gmail.com
w: http://un-excogitate.org

--0016e640d4788016730480d92e7e
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I enjoyed this article on the &quot;sandbox&quot; attribute. But it&#39;s n=
ot really a write up on all the features, just that particular feature.<div=
><br></div><div><a href=3D"http://blog.whatwg.org/whats-next-in-html-episod=
e-2-sandbox">http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox</a=
><br>

<br><div class=3D"gmail_quote">On Tue, Mar 2, 2010 at 7:37 PM, Yiannis Pavl=
osoglou <span dir=3D"ltr">&lt;<a href=3D"mailto:yiannis@owasp.org";>yiannis@=
owasp.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

I&#39;ve been keeping tabs on the corresponding [html5] mailing list for qu=
ite some time now. Nothing solely security related has surfaced there as a =
single doc either, maybe it&#39;s about time someone put one together.<br>


<br>Thanks,<br><font color=3D"#888888"><br>Yiannis</font><div><div></div><d=
iv class=3D"h5"><br><br><div class=3D"gmail_quote">On 1 March 2010 18:53,  =
<span dir=3D"ltr">&lt;<a href=3D"mailto:robert@webappsec.org"; target=3D"_bl=
ank">robert@webappsec.org</a>&gt;</span> wrote:<br>

<blockquote class=3D"gmail_quote" style=3D"border-left:1px solid rgb(204, 2=
04, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
Anyone aware of a decent write up on the new HTML 5 security related featur=
es =A0(origin header, keygen, etc?)<br>
<br>
Note: I am not looking for a link to the massive spec :)<br>
<br>
Regards,<br>
- Robert A.<br>
<a href=3D"http://www.webappsec.org/"; target=3D"_blank">http://www.webappse=
c.org/</a><br>
<a href=3D"http://www.cgisecurity.com/"; target=3D"_blank">http://www.cgisec=
urity.com/</a><br>
<a href=3D"http://www.qasec.com/"; target=3D"_blank">http://www.qasec.com/</=
a><br>
<br>
<br>
---------------------------------------------------------------------------=
-<br>
Join us on IRC: <a href=3D"http://irc.freenode.net"; target=3D"_blank">irc.f=
reenode.net</a> #webappsec<br>
<br>
Have a question? Search The Web Security Mailing List Archives:<br>
<a href=3D"http://www.webappsec.org/lists/websecurity/archive/"; target=3D"_=
blank">http://www.webappsec.org/lists/websecurity/archive/</a><br>
<br>
Subscribe via RSS:<br>
<a href=3D"http://www.webappsec.org/rss/websecurity.rss"; target=3D"_blank">=
http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]<br>
<br>
Join WASC on LinkedIn<br>
<a href=3D"http://www.linkedin.com/e/gis/83336/4B20E4374DBA"; target=3D"_bla=
nk">http://www.linkedin.com/e/gis/83336/4B20E4374DBA</a><br>
<br>
</blockquote></div><br>
</div></div></blockquote></div><br><br clear=3D"all"><br>-- <br>Christian F=
richot<br>e: <a href=3D"mailto:xntrik@gmail.com";>xntrik@gmail.com</a><br>w:=
 <a href=3D"http://un-excogitate.org";>http://un-excogitate.org</a><br><br>
</div>

--0016e640d4788016730480d92e7e--

References:
- [WEB SECURITY] Good Article on HTML5 Security Features?
  - From: robert
- Re: [WEB SECURITY] Good Article on HTML5 Security Features?
  - From: Yiannis Pavlosoglou

Prev by Date: [WEB SECURITY] Imposter v0.9 download. Two whitepapers on file stealing using IE and attacking Google Gears released.
Next by Date: [WEB SECURITY] Use of artificial intelligence in web application security
Previous by thread: Re: [WEB SECURITY] Good Article on HTML5 Security Features?
Next by thread: Re: [WEB SECURITY] Fingerprinting web applications (Joomla, Mediawiki and Wordpress)
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site