More functionality always means more opportunity for security mistakes, HTML5 doesn't get any special favours in this regard. If you want a totally secure system then disconnect it from any network and run it off a read only filesystem, but you would be limited in what you could achieve with such a system. I can say that in my experience security issues are a high priority in the thinking of the people writing the specs and the people creating the browsers (often the same people), every effort is made to ensure the specs are not fundamentally insecure and browsers have secure default behaviour.
Joined: Jul 31, 2011
Thank you for your reply, it seems like File API isn't supported in IE8 and IE9.
Here is the list of properties and features of HTML5 and CSS3 supported across browsers.
Joined: Jan 27, 2012
Rob Crowther wrote: If you want a totally secure system then disconnect it from any network and run it off a read only filesystem, but you would be limited in what you could achieve with such a system.
Agreed. This I say to some people that want to have fully secure app - It's like with safe sex - to be absolutly sure it's safe - just don't do it). But I'm not sure that the people writing the specs and the people creating the browsers can help much here, it's like you said about HTML5 - it's allows, and you choose to use it or not. So the most of responsibility I think is on webmasters...