This article originally appeared in the Sept. 2012 issue of INTERNET TELEPHONY
Generally speaking, web developers view the arrival of HTML5 in a positive light. Significant changes to error handling and stricter enforcement with the specification will bring much needed relief to those who struggle with cross-browser compatibility and hacks that have long been necessary to address the tag (News - Alert)-soup approach supported by earlier versions.
For infrastructure vendors that interact with HTML for purposes of security and performance, however, the move to HTML5 poses challenges.
While the core framework within which HTML is delivered remains largely unchanged – the semantic construction of a web page continues to follow a DOM-like hierarchical set – the addition of elements and new capabilities will need to be supported by caches, application firewalls, and web acceleration solutions.
A good example of this is the inclusion of audio and video tags, which replace the traditional method of embedding external objects into the page. The HTML5 elements greatly normalize and therefore simplify the inclusion of such media into web applications, but require infrastructure to parse and interpret these new tags for purposes of security or caching or redirection to a CDN.
Past incarnations of HTML caching required a combination of meta-data tags or HTTP header entries indicating the cachability of content. HTML5 with its new Application Cache API, changes the way in which cacheable content is managed.
A new attribute on the HTML element, “manifest”, indicates the name of a manifest file describing which files the browser should cache for offline access. This file can be remote (accessed via a URI) or delivered inline. It requires support for a new content type: text/cache-manifest and, of course, the ability to parse and interpret the file.
A wide variety of web acceleration solutions rely heavily on caching on the server side as well as the client side. This often results in the insertion of cache-related headers and meta-data into HTML documents. Obviously, a brand new mechanism for managing client-side caching capabilities will require new functionality for infrastructure, as well.
Other new APIs in HTML5 allow for a variety of functionality, including scripting and validation of forms. For security-focused infrastructure, these will prove frustrating, as they represent potential sources of exploitation. Web application firewalls and similar solutions will need to support means to constrain and further validate these tags lest they become easy pickings for those seeking to insert malicious code into websites or clients.
The advantage of HTML5 for developers and applications is undeniable. But organizations need to articulate clearly a strategy for adoption that takes into consideration the potential risks of adoption by developers without simultaneously ascertaining whether or not it will significantly impact security and performance-enhancing infrastructure services.
Lori MacVittie is senior technical marketing manager at F5 Networks (News - Alert) (www.f5.com).
Edited by Stefania Viscusi