HTML 5 Cheat Sheet

= Introduction = = HTML 5 =

Browser Securability Chart
There are a few sites charting browser capabilities as they related to the HTML 5 / CSS 3 standard. I have not seen any that mention security. There may not be a need for it, but e.g. 'sandbox' will be ignored in down browsers, but which HTML 5 compliant browsers support it. If there are differences in implementations, my assumption is that there will be differences in security configuration / settings.

Use the "sandbox" attribute for untrusted content (iFrame)
[]

Content Deliverability
CDN or src links to foreign domains = know your content

Progressive Enhancements and Graceful Degradation Risks
The best practice now is to determine the capabilities that a browser supports and augment with some type of substitute for capabilities that are not directly supported. This may mean an onion-like element, e.g. falling through to a Flash Player if the tag is unsupported, or it may mean additional scripting code from various sources that should be code reviewed.

= CSS 3 = I haven't seen any specific to CSS 3 and it's been a while since I worried about url / !import. I think privacy leaks are the most well know - e.g. querying global history using :visited (https://bugzilla.mozilla.org/show_bug.cgi?id=147777)

= Javascript and Javascript Frameworks = Do we have cheatsheets for Javascript (e.g. use closures, protect the global namespace) or any of the frameworks like JQuery, script.aculo.us, Prototype, Mootools

= Related Cheat Sheets =

= Authors and Primary Editors =