Tag Archives: HTML

State of HTML5 video

Long Tail Video has an interesting page on the state of HTML5 video. Their view is filtered through their own product, but it’s still a nice job of covering current trends.

HTML5 Encrypted Media Extensions

The Encrypted Media Extensions draft from W3C is drawing controversy. DRM on the Web is traditionally implemented in the service provider, where the content delivery service has full control. But what’s streamed can be captured, and there is software readily available to do it, even if it may violate the DMCA.

An article on Ars Technica reports that Ian Hickson of Google criticized the proposal as both unethical and technically inadequate. Mark Watson, one of the authors of the draft, suggested that strong copy protection can be obtained by building it into hardware, which would mean that only some computers could receive the protected content. Hickson’s email is posted here; unfortunately, it doesn’t expand on what he thinks the problems are.

The draft is intended to accommocate “a wide range of media containers and codecs”; the question is which one or ones will be widely used in practice, and how they’ll be made available, particularly in connection with open-source browsers.

This is a potential area for browser fragmentation.

The HTML5 “sarcasm” tag

In the November 5 Editor’s Draft of HTML5: A vocabulary and associated APIs for HTML and XHTML, there is a curious reference to the “sarcasm” tag. The “in body” insertion mode

When the user agent is to apply the rules for the “in body” insertion mode, the user agent must handle the token as follows:

An end tag whose tag name is “sarcasm”

Take a deep breath, then act as described in the “any other end tag” entry below.

This is the only reference to the tag, so I guess only the closing </sarcasm> tag is allowed, not the opening <sarcasm> tag.

Perhaps this was a test to see if anyone’s actually reading?

Adobe getting out of Flash for mobile

Steve Jobs gets a posthumous victory as Adobe will not be developing Flash for mobile devices past version 11. Adobe states that:

HTML5 is now universally supported on major mobile devices, in some cases exclusively. This makes HTML5 the best solution for creating and deploying content in the browser across mobile platforms. We are excited about this, and will continue our work with key players in the HTML community, including Google, Apple, Microsoft and RIM, to drive HTML5 innovation they can use to advance their mobile browsers.

Our future work with Flash on mobile devices will be focused on enabling Flash developers to package native apps with Adobe AIR for all the major app stores. We will no longer continue to develop Flash Player in the browser to work with new mobile device configurations (chipset, browser, OS version, etc.) following the upcoming release of Flash Player 11.1 for Android and BlackBerry PlayBook. We will of course continue to provide critical bug fixes and security updates for existing device configurations.


W3C has announced an upcoming conference on “HTML5 and the Open Web Platform”. The total information currently available is:

W3C, the web standards organization, is holding its first conference.
If you are a developer or designer wanting to hear the latest news on HTML5 and the open web platform, and your place in it, save the date. This event will be held in Seattle and live streaming to the world on November 15-16.
More details soon…

This is very short notice for a conference, but the topic is interesting.

HTML5 as a “programming language”

A JavaWorld article rhetorically asks, “Will HTML5 kill the mobile app?” Windows 8 will purportedly have a new type of application, written in HTML5 and JavaScript. I have to wonder whether the people who are proposing HTML5, CSS3, and JavaScript as a programming environment have the least idea of what programming is about.

The idea is so bizarre that it’s hard to know where to start a refutation. How would you refute a claim that silly putty is going to be the new way to build skyscrapers? HTML, in any version, just isn’t a programming language. JavaScript can be used for some programming tasks — in principle, it can implement any computation that you could write in another language — but doing anything but the simplest programming tasks in it is agonizing.

There are innocent people who’ve copied a script to produce a Web page effect, and there are less innocent people who find it convenient to delude them with the notion that that’s what programming is. The web page for HTML5 for Dummies declares: “HTML is the predominant programming language used to create Web pages.” If you can believe that, you’re part of the target audience of the title.

HTML5, just three years away

According to the latest version of the HTML Working Group Charter, HTML5 will become a W3C recommendation in 2014.

Smart money is on the AES audio metadata schema being made public first, but I wouldn’t be too sure.

HTML5 security

Yesterday, February 24, Ming Chow gave a talk to the ABCD security group at Harvard on HTML5 security. As far as I can tell he hasn’t made any of the content publicly available online, but here are some high points:

  • HTML5 has a lot of new features, giving it a bigger “attack surface.”
  • There’s no effective security to local and session storage, so writing sensitive information there is a bad idea.
  • The database feature raises all the standard concerns about injection of malicious SQL code into fields.
  • Application caches can be written by any website. It may be possible to spoof pages this way.
  • There is now a function, XDomainRequest, in JavaScript, which allows communication between different sites. The receiver of the request must specify Access-Control-Allow-Origin to indicate whose requests are allowed. Wild-carding this allows anyone at all to send data to a page, which may be dangerous. Implementers of a receiver should always verify the sender’s identity.
  • With the audio, video, and canvas tags, the codecs can be vulnerable. Opera has been hit with a heap buffer overflow exploit in HTML5.
  • The noscript tag is no longer supported. Users who try to make themselves safer by disabling Javascript are more screwed than ever.
  • The problems are new, but the approach to safety is the same: common sense, input validation, being careful with unsecured connections, etc.

The HTML5 logo again

In an earlier post, I questioned how W3C’s new HTML5 logo could help provide a “consistent, standardized visual vocabulary” when it stood for nothing in particular. Others have taken even stronger positions than mine, and W3C has backtracked. The HTML5 logo now stands for HTML5, not for HTML5, CSS3, H.264, and every other “cool” technology showing up on the web these days.

It’s still, as I noted, not a mark of conformance or certification, so its use on a website proves nothing, but at least now what it’s claiming to say is clearer.

HTML5 logo

HTML5 logoW3C has a new logo for HTML5. The blog post says:

As you’re aware, the term HTML5 has taken on a life of its own; there has been significant confusion and debate both within the developer community and in the public at large as to what exactly HTML5 is when the term is used outside of simply referring to the spec itself. This variability in perception is what inspired the project – a group of developers and HTML5 evangelists came to us and posed the question, ‘How can we better communicate all of the technologies and potential that HTML5 represents?’ …and the resounding answer was, the standard needs a standard. That is, HTML5 needs a consistent, standardized visual vocabulary to serve as a framework for conversations, presentations, and explanations moving forward.

How it will do this when the logo stands for nothing in particular — it isn’t a mark of conformance, certification, or anything else, and anyone can use it under a CC license — isn’t clear.