These are only two of many new or improved attacks on web clients. I chose them for two reasons: the first is a new attack, first described in December 2011 and not widely known to developers. The second shows a misuse of new HTML5 functionalities which have often has been overlooked.
A new kind of XSS
THIS IS A PREVIEW. DOWNLOAD ISSUE 4 TO READ THE FULL ARTICLE