convergese_html5

HTML5 talk on features and security for ConvergeSE 2010 in Columbia, SC
Jonathan LeBlanc

Local Storage
HTML 5 Features and Security
Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: @jcleblanc
Codec Wars - Ogg Theora vs H.264 
http://youtube.com/html5
A new player - the WebM project (Google, Mozilla, and Opera) 

Embed video and audio without third-party plugins!
Render graphs, game graphics, or other visual images on the fly
Canvas text may not be supported in your browser
Shapes, paths, gradients, transformations
JavaScript - now with a fine arts degree!
Geolocation
The Canvas
Video and Audio

Control it all with JavaScript 
Guess who doesn't support it?
Offline Web Applications
Like a cookie (named key/value pairs), but for large amounts of data
Websites can store data to retrieve later
Currently a separate spec even though still under HTML5
How secure is it and who can read it?
Sites define which files they need to work offline (HTML / JS / Images / Video and more!)
Email, docs and web apps offline!
When online, changes can be uploaded to the remote web server
What data is being stored locally?  Is it safe to do this?
Can use IP, wireless connection, cell tower (phone), or dedicated GPS hardware
Find your geographic location from the browser
You must grant access for sites to use your location
Locating me anywhere? Awesome right?
search: for search boxes
number: for spinboxes
range: for sliders
color: for color pickers
tel: for telephone numbers
url: for web addresses
email: for email addresses
date: for calendar date pickers
month: for months
weeks: for weeks
time: for timestamps
datetime: for precise, absolute date+time stamps
datetime-local: for local dates and times

Form Input Types
Form Autofocus
No JavaScript Needed
Consistent across all browsers
Good for power users and special needs
Unloaded site does not "help" by refocusing
Browser can offer method to turn this off


Implementations and specifications have to do a delicate dance together. You don’t want implementations to happen before the specification is finished, because people start depending on the details of implementations and that constrains the specification. However, you also don’t want the specification to be finished before there are implementations and author experience with those implementations, because you need the feedback. There is unavoidable tension here, but we just have to muddle on through.

- Robert O'Callahan
http://ishtml5ready.com/
http://ishtml5readyyet.com/
http://www.miketaylr.com/code/input-type-attr.html
How does your browser form support stack up?
@font-face {
    font-family: Delicious;
    src: url('Delicious-Roman.otf');
}
Custom Fonts
So we're all good, right?
Not really - IE does not play well with others

IE needs an .eot font ...
everyone else takes a .ttf or .otf font
See the Paul Irish Solution
http://paulirish.com/2009/bulletproof-font-face-implementation-syntax/
Learning More
This Presentation
http://prezi.com/mt-eb2cxyele/

WTF is HTML infographic
http://www.focus.com/images/view/11905/

Dive into HTML5
http://diveintohtml5.org/
People you Should Follow
Mark Pilgrim
Twitter: @diveintomark

Paul Irish
Twitter: @paul_irish
Thank You!
Questions?
Cross-site Scripting (XSS)
"User Agents must acquire permission through a user interface, unless they have prearranged trust
relationships with user"

"Some User Agents will have prearranged trust relationships that do not require such user
interfaces." 
Geolocation Spec Quotes
Predators
How do we secure our sites?
Google Caja
http://code.google.com/p/google-caja/

ADSafe
http://adsafe.org/
