Wednesday, May 25, 2011

The 3 things wrong with HTML5


With virtually all the HTML5 features that will wind up in the final RFC (due in 2014) now proposed and coded, the WHAT Working Group at the W3C is moving to the review stage. So now that we know what’s in it, what are the 3 things that are most wrong with HTML5?

First, the browsers and the customers aren’t ready yet. Shown below are the browser market shares for the major browsers, according to Ars Technica (www.arstechnica.com).


More than 50% of the worldwide browser population is on IE versions 6 through 8 as of the end of April 2011. On the www.html5test.com test site, these browsers score no more than 32 on the HTML5 full feature implementation scale of 400. As opposed to these dinosaurs, the current browsers perform quite well:

So right now HTML5 sites are viewable by about half the worldwide population of browsers. Time and Microsoft updates will cure this problem in the next year.

The second thing wrong with HTML5 is the security hole. HTML5 was designed as an open standard. It was designed for use with many technologies, but primarily to interleave with CSS3 and JavaScript. If you were fairly cautious about JavaScript to begin with (see www.owasp.org/index.php/Category:OWASP_Top_Ten_Project), you know that any good black-hat hacker worth his PC can execute the OWASP Top Ten attacks. One of the world’s foremost experts on this topic noted two weeks ago that “90 of the F100 companies had JavaScript vulnerabilities right on their home pages”.

Now let’s toss some new HTML5 features into the mix, including access to local data storage on our devices, web workers, new elements such as canvas, and security sandboxes. The attackers will find 50 more ways to penetrate this new environment. But let’s appreciate that the security issue has a cycle: they attack, we patch and correct, and it gets progressively harder with time to summon the skills to attack. And let’s appreciate that it took both time and security expertise to eventually get the Viagra out of our email Inboxes.

The third big thing wrong with HTML5 is the speed of the browser. How does HTML5 compete with an app? Until recently, the speed of device-based apps was measured in milliseconds and the speed of browser-based apps was measured in tenths of a second. That is changing, and quickly. Speak to any CEO of a gaming company, and they have an HTML5 strategy. The reason is that speed improvements on devices and in browsers will make hundreds of millions more users gaming-capable.

To watch this in real time, open all the browsers on your device, then on each browser go to the following 3 sites: http://v8.googlecode.com/svn/data/benchmarks/v6/run.html, http://krakenbenchmark.mozilla.org/kraken-1.1/driver.html, and http://sunspider-mod.googlecode.com/svn/data/hosted/sunspider.html. You will be surprised by the 30 – 50% difference in speed of your various browsers running JavaScript.

The speed of JavaScript running on the iPad has gone through a 4X acceleration with the release of the iPad2. There are similar comparisons for its speed running on the different browsers. So between Moore’s Law at work on the devices themselves and the rapidly improving & competing code bases in the browser engines, time will also cure this problem.

So, what’s wrong with HTML5 - nothing that the passage of time won’t ameliorate.
