It’s not just for websites. HTML5, the new version of HTML, allows developers to run entire applications within a browser, says Philippe Le Hégaret, leader of the World Wide Web Consortium (W3C) group that produced HTML5. The standard is a collection of specifications for formatting interfaces, processing and storing data on browsers, and rendering images and video. It’s a complete software-development framework, just like Java or .Net, Le Hégaret says.
It’s gaining support. W3C has been developing HTML5 for some time, but its adoption was thought to be years away until Apple announced it expected developers to use the standard to build browser-based Internet apps for the iPhone and iPad. The newest versions of all major browsers support most HTML5 features. Google plans to use it for services like Gmail and Adobe will offer many HTML5 services in its Dreamweaver website design software.
It’s open standard. The good news with HTML5’s standards is they are open and free of patents. For example, WebKit, which keeps a library of open-source software, provides a free layout engine that can be used to create browsers or applications. “You won’t have IBM knocking at your door, saying, ‘You’re using our patents,’” says Le Hégaret. This also means you’re not dependent on one vendor’s tools, as with Adobe Flash or Microsoft Silverlight.
It won’t replace Flash. Adobe is adding HTML5 capabilities to its offerings and creating Flash features HTML5 alone won’t support, says Lea Hickman, senior director in Adobe’s creative solutions group. “Ultimately, HTML5 and [platforms like Adobe’s] will be complementary,” says Forrester Research Principal Analyst Jeffrey Hammond, “and enterprise development shops will need to invest in both to deliver applications that combine reach and richness.”
New security threats loom. As with any new technology, hackers will be looking for ways HTML5 can be misused. Its new features increase the attack surface, warns Kevin Johnson, a researcher who teaches Web security for the SANS Institute. And it’s vulnerable to many of the same techniques used to get user data now. “If I can find a flaw in your application and inject HTML5, I can modify your site and hide things I don’t want you to see,” he says.