January 23, 2015

HTML5 May be the New Standard, But That Doesn’t Make it Safe

Many may recall that this past October, the World Wide Web Consortium (W3C) officially approved HTML5 as an industry standard, although many enterprises have already adopted or begun to adopt it. But despite its growing popularity, a new and troubling problem is rising to the surface: HTML5 coding is open, and the vast majority of organizations using it are failing to implement any kind of security measure to protect their data.

Fueled by JavaScript, HTML5 first started to gain steam in 2010, when Apple announced that it would opt to use HTML5 instead of Flash. As of today, about 30 percent of Fortune 500 companies are using HTML5, according to INCORE. And by Gartner’s calculations, more than 50 percent of apps will be using HTML5 by 2016, which is just around the corner. But as Carlos Goncalves, writing for Developer Tech, points out, a startling 99 percent of the production-ready code used and delivered to build websites, enterprise-ready solutions and mobile applications today is totally open.

HTML5-based solutions need the same level of protection as any other form of data transfer and storage that could be intercepted by unwelcome eyes. Yet for whatever reason, no one seems to be safeguarding against HTML5 hackers—yet.

“Cyber attacks that can now walk right through your digital front door might surely jeopardize operations, compromise customer data, personal privacy, or even matters of national security when simple and fast obfuscation and tamper-protection technology exist in the marketplace,” Goncalves writes. “When the code is stored both on the client and server as ‘in the clear’ text files, the code is hosted on a shared server that others could easily gain access. Hence developers can easily lose control over who’s accessing the original source code – unless it’s obfuscated or more robustly protected once it’s released or signed off on as ready for production.”

JavaScript obfuscation, used to scramble and protect the HTML5 code, is a great place to start, because it helps ensure that the copyrighted code is optimized and monitored for performance. This not only protects against potential license infringement, but it can also block attacks, fraud schemes or code theft, in addition to the goods or services being offered through the application itself.

Ultimately, as more and more companies invest in complex HTML5 application development and service, the need for protecting that code against theft and tampering will become increasingly pressing. While the code is still new to many, that doesn’t mean hackers aren’t already finding ways to infiltrate it. HTML5 should be protected, just like any other business investment or endeavor. 

Edited by Maurice Nagle

