On Tue, 14 Sep 2010, zhao Matt wrote: > > I know Mozilla and Microsoft have provided some ways (respectively, CSP, XSS > filter) to mitigate or detect XSS attacks. > so I wonder whether HTML5 will present an approach to fight this attacks?
"XSS" is a pretty broad range of attacks. HTML has a number of features designed to prevent XSS attacks, for example the origin security policy, the <iframe sandbox> feature, and the text/html-sandboxed MIME type. Others have also been proposed, such as a syntax to embed text as base64 data safely. HTH. If you have any specific questions please don't hesitate to raise them. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
