April 15, 2014

HTML5 Apps Vulnerable to XSS Attacks

With the recent revelation of the Heartbleed bug, the security of Web apps is a hot topic, especially as many of them are migrating to HTML5. Researchers at Syracuse University said that HTML5 is particularly vulnerable to certain attacks, according to CBR.

HTML5 apps are especially prone to Cross-Site Scripting (XSS) attacks. In these attacks, hackers inject their own scripts into Web apps to intercept information such as usernames, passwords and credit card information that users enter into Web forms.

“When the adoption of this technology reaches a certain threshold, attacks like this will become quite common, unless we do something to stop it. A recent Gartner report says that by 2016, 50% of the mobile apps will be using HTML5-based technologies,” the researchers said.

The threat will become even larger as more people shift from desktop PCs to mobile devices, which handle a lot of sensitive data. Mobile apps also handle different kinds of data, including SMS, messages, videos, barcodes and Bluetooth pairing, all of which give hackers other ways to get into mobile devices.

“As long as an HTML5-based app displays information obtained from outside or from another app, it may be a potential victim,” the report said.
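The pattern the researchers describe, shown as an added example that is not from the report or the original article: an app builds markup from data received over the channels listed above, once by plain concatenation and once with HTML escaping. The sample values, channel names and function names are all constructed for illustration.

```javascript
// Constructed sample inputs: values an HTML5-based app might receive from
// outside (channel names and contents are hypothetical, not from the report).
const samples = [
  { channel: "sms", value: "Meet at 6pm" },
  { channel: "barcode", value: "<img src=x onerror=alert(1)>" },
  { channel: "bluetooth-name", value: "Speaker<script>alert(1)</script>" },
];

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Replace the characters that can open a tag, entity or attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: external data is concatenated straight into markup,
// so any tags it carries become part of the page when assigned to innerHTML.
function renderUnsafe(item) {
  return `<li class="${item.channel}">${item.value}</li>`;
}

// Hardened pattern: every externally supplied field is escaped first.
// (In a browser, setting element.textContent achieves the same for text nodes.)
function renderSafe(item) {
  return `<li class="${escapeHtml(item.channel)}">${escapeHtml(item.value)}</li>`;
}

// Count tags in a markup string. A correctly rendered item contains exactly
// two: the opening <li ...> and the closing </li>.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// Return the channels whose data changed the structure of the output.
function audit(render) {
  return samples
    .filter((s) => countTags(render(s)) !== 2)
    .map((s) => s.channel);
}

console.log("unsafe renderer, injected markup from:", audit(renderUnsafe));
console.log("safe renderer, injected markup from:", audit(renderSafe));
```
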

The report comes after the announcement of the “Heartbleed” bug in OpenSSL, which handles secure Web connections on major sites such as online banking. Before the bug was patched, a malicious user could peek at bits of memory on remote servers that they shouldn’t have had access to, by taking advantage of a programming error the developers had made in the code that handles “heartbeat” signals. That memory could give attackers access to information such as accounts and financial details.

Edited by Maurice Nagle

