Open source software security

Using HTML 5 to Defeat XSS

Although it is often derided in the security community as unsafe and as the harbinger of new security vulnerabilities in web applications, HTML 5 includes a number of notable security enhancements. Using native HTML 5 features we can actually eliminate most cross site scripting (XSS) attacks at the client side. Doing this merely requires clean application architecture to segregate dynamic display code, properly defined trusted origin domains, and use of the HTML content security policy. These features even include reporting capabilities that can be used to detect XSS attacks in the client browsers and report them back to the server.