Difference between revisions of "AppSecEU08 HTML5"

From OWASP
(Would you like fries with that?)
 
(5 intermediate revisions by one user not shown)
Line 1: Line 1:
= Would you like fries with that? =
+
[[AppSecEU08 | AppSecEU08]] > [[AppSecEU08#Agenda_and_Presentations_-_May_21-22 | Agenda and Presentations]] > [[AppSecEU08_HTML5 | HTML5 Security]]
  
''-- a security-minded reader's guide to HTML5''
+
= Slides and Contact =
  
* [http://www.w3.org/2008/Talks/0521-owasp-html5-tlr/0521-owasp-html5-tlr.pdf Slides (pdf)]
+
Slides: [http://www.w3.org/2008/Talks/0521-owasp-html5-tlr/0521-owasp-html5-tlr.pdf Would you like fries with that?]
  
== HTML5 resources ==
+
Contact: Thomas Roessler, W3C Security Activity Lead, [mailto:tlr@w3.org tlr@w3.org]
 +
 
 +
= HTML5 resources =
  
 
* [http://www.w3.org/html/wg/html5/ HTML 5 editor's draft]
 
* [http://www.w3.org/html/wg/html5/ HTML 5 editor's draft]
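Review bot: the added `= Slides and Contact =` and `= HTML5 resources =` lines promote these sections to level-1 headings, which MediaWiki renders at the same level as the page title. Keeping the `==` level used by the old revision (`== HTML5 resources ==`) would preserve the page's heading hierarchy.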
Line 28: Line 30:
 
* [http://www.w3.org/html/wg/html5/#sandbox iframe sandboxing]; [http://lists.w3.org/Archives/Public/public-webapi/2008May/0326.html summary of concepts]
 
* [http://www.w3.org/html/wg/html5/#sandbox iframe sandboxing]; [http://lists.w3.org/Archives/Public/public-webapi/2008May/0326.html summary of concepts]
  
== Cross-domain XMLHttpRequest ==
+
= Cross-domain XMLHttpRequest =
  
 
* [http://dev.w3.org/2006/waf/access-control/ access-control editor's draft]
 
* [http://dev.w3.org/2006/waf/access-control/ access-control editor's draft]
Line 41: Line 43:
 
Relevant work is currently occuring in the [http://www.w3.org/2006/webapi/ Web API] and [http://www.w3.org/2006/appformats/ Web Application Formats] Working Groups at W3C. A [http://www.w3.org/2007/12/WebApps-Charter-2007 proposed restructuring] of that work is currently being negotiated.
 
Relevant work is currently occuring in the [http://www.w3.org/2006/webapi/ Web API] and [http://www.w3.org/2006/appformats/ Web Application Formats] Working Groups at W3C. A [http://www.w3.org/2007/12/WebApps-Charter-2007 proposed restructuring] of that work is currently being negotiated.
  
== Contact ==
+
= About W3C =
  
Thomas Roessler, W3C Security Activity Lead, [mailto:tlr@w3.org]
+
* [http://www.w3.org/Consortium/ About W3C]
 +
* [http://www.w3.org/Consortium/process W3C Process]
 +
* [http://www.w3.org/Consortium/membership About W3C membership]
 +
* [http://www.w3.org/Consortium/Member/List Current members]
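Review bot: the paragraph carried over unchanged in this hunk ("Relevant work is currently occuring in the ...") still misspells "occurring"; since the surrounding sections are being restructured in this revision, correct it here as well.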

Latest revision as of 05:45, 27 May 2008

Slides and Contact

Slides: Would you like fries with that?

Contact: Thomas Roessler, W3C Security Activity Lead, tlr@w3.org

HTML5 resources

Specific parts of the specification that were mentioned during the talk:

Also of interest, but added even more recently:

Cross-domain XMLHttpRequest

Note that the "access-control" specification provides a mechanism for authorizing exceptions to the same-origin policy. How that authorization (and the data retrieved) is used isn't actually specified. For XMLHttpRequest, the governing specification is XMLHttpRequest Level 2. Don't read one without the other.

Also relevant:

Relevant work is currently occurring in the Web API and Web Application Formats Working Groups at W3C. A proposed restructuring of that work is currently being negotiated.

About W3C