

Sick of Flash security holes? HTML5 has its own - talles
http://www.infoworld.com/article/2956193/html5/sick-of-flash-security-holes-html5-has-its-own.html

======
stephengillie
> _Among the risks that HTML5 brings, according to Bellanger:_
    
    
      * Canvas image-rendering exploits, which can cause buffer overflows that a hacker could then use to inject code into the session
      * Cross-site scripting, where intruders can steal information from a session in the browser
      * SQL injection, where a malicious query is used to extract information from a database in the browser
      * Cross-site request forgeries, where a user token is taken over to impersonate a user on the Web
    

3 of these seem older than HTML5. SQL Injection has been around a long time.
How long have in-browser databases been used? Are these widely used?

