HTML5 security in modern web browsers

Abstract

The security of the HyperText Markup Language Version 5 in the browsers has been researched extensively during its development process. Over the past years enormous strides have been made to create a more secure language that provides safety to the browser users. Security analysis have to be done continuously during the further implementation of the specification in the browsers to discover as many vulnerabilities as possible. Many researches focused mostly on one or many attack techniques; in this research we try to provide a clear understanding about the inner workings of the browsers and to relate this to the way certain attack techniques work. We discuss a number of attack techniques; the selection of which was based on the OWASP HTML5 security cheat sheet and previous research about HTML5. A number of these attack techniques result in experiments that were done to assess the security of HTML5 in three of the modern browsers. The results of these experiments will be used to provide recommendations towards three groups of readers: the web developers, browser users and browser vendors. A number of bug reports about the discovered vulnerabilities are also sent to the corresponding browser vendors.