convergese_html5

Local Storage HTML 5 Features and Security Jonathan LeBlanc Technology Evangelist Yahoo! Developer Network Twitter:@jcleblanc Codec Wars - Ogg Theora vs H.264 http://youtube.com/html5 A new player - the WebM project (Google, Mozilla, and Opera) Embed video and audio without third-party plugins! Render graphs, game graphics, or other visual images on the fly Canvas text may not be supported in your browser Shapes, paths, gradients, transformations JavaScript - now with a fine arts degree! Geolocation The Canvas Video and Audio Control it all with JavaScript Guess who doesn't support it? Offline Web Applications Like a cookie (named key/value pairs), but for large amounts of data Websites can store data to retrieve later Currently a separate spec even though still under HTML5 How secure is it and who can read it? Sites define which files the need to work offline (HTML / JS / Images / Video and more!) Email, docs and web apps offline! When online, changes can be uploaded to the remote web server What data is being stored locally? Is it safe to do this? Can use IP, wireless connection, cell tower (phone), or dedicated GPS hardware Find your geographic location from the browser You must grant access for sites to use your location Locating me anywhere? Awesome right? for search boxes for spinboxes for sliders for color pickers for telephone numbers for web addresses for email addresses for calendar date pickers for months for weeks for timestamps for precise, absolute date+time stamps for local dates and times search: number: range: color: tel: url: email: date: month: weeks: time: datetime: datetime-local: Form Input Types Form Autofocus No JavaScript Needed Consistent across all browsers Good for power users and special needs Unloaded site does not "help" by refocusing Browser can offer method to turn this off Implementations and specifications have to do a delicate dance together. You don’t want implementations to happen before the specification is finished, because people start depending on the details of implementations and that constrains the specification. However, you also don’t want the specification to be finished before there are implementations and author experience with those implementations, because you need the feedback. There is unavoidable tension here, but we just have to muddle on through. - Robert O'Callahan http://ishtml5ready.com/ http://ishtml5readyyet.com/ http://www.miketaylr.com/code/input-type-attr.html How does your browser form support stack up? + + @font-face { font-family: Delicious; src: url('Delicious-Roman.otf'); } Custom Fonts So we're all good, right? Not really - IE does not play well with others IE needs an .eot font ... everyone else takes a .ttf or .otf font See the Paul Irish Solution http://paulirish.com/2009/ bulletproof-font-face-implementation-syntax/ Learning More This Presentation http://prezi.com/mt-eb2cxyele/ WTF is HTML infographic http://www.focus.com/images/view/11905/ Dive into HTML5 http://diveintohtml5.org/ People you Should Follow Mark Pilgrim Twitter: @diveintomark Paul Irish Twitter: @paul_irish Thank You! Questions? Cross-site Scripting (XSS) "User Agents must acquire permission through a user interface, unless they have prearranged trust relationships with user" "Some User Agents will have prearranged trust relationships that do not require such user interfaces." Geolocation Spec Quotes Predators How do we secure our sites? Google Caja http://code.google.com/p/google-caja/ ADSafe http://adsafe.org/