Ask HN: What are the biggest limitations of HTML5?
Ubuntu's and Firefox's mobile OS'es are coming soon, and Google's Chrome OS is on the rise (the Chromebook was Amazon's #1 selling laptop). It seems like we should start taking "web apps", or whatever you want to call them, more seriously.
BUT, there are undeniably some serious limitations. I think it's time we start openly discussing these problems, and how they can be addressed. Here are some of the biggest challenges HTML5 faces: - Security e.g. users shouldn't trust a client based HTML5 with any serious data collection. - Local Data - Storage is limited & it can be manipulated - Syncing offline apps - Determining which is the latest version etc - If the browser vendors won't implement something, it won't get implemented. This has also lead to - Format Incompatibilities e.g. try audio/video tags across the major browsers Security e.g. users shouldn't trust a client based HTML5 with any serious data collection. - I'm not sure why you say that. I do online banking all the time. It is possible to code something secure and tight, but I'll admit it's not easy. I think security will always be an issue, even with native apps. Local Data - Storage is limited & it can be manipulated - True, storage needs to be unlimited. As for manipulating it, this is also true of native apps. Without jailbreaking, I can manipulate a save file for almost any iPhone game. The security issue (again) depends on the developer, and how they protect the data. Syncing offline apps - Determining which is the latest version etc - Yup, that's a challenge too. But also a challenge native apps face. When I make a note on an offline iPhone in the notes app, and then edit the same note on my Mac, it creates a duplicate when the iPhone is back online. It should probably be up to the developer how to handle this, whether the app is native or HTML5. If the browser vendors won't implement something, it won't get implemented. This has also lead to - Yes, this I think is one of the biggest challenges. People buy a computer, it comes with a browser default, and they never change or update it. It's hard enough to get the W3C to add new features, let alone browsers to implement them, and even harder still to get users to update their browsers. Format Incompatibilities e.g. try audio/video tags across the major browsers - Yup, similar issue. Regarding your Security point, the fundamental problem with HTML5 and the way online banks use their security is that with HTML5 ultimately the user has control over the code which is running on their machine. Browsers come with decent debugging tools making it easier to abuse (and there are even better ones as plugins). Using the browsers debugger (or your one of choice) you can simply go to a website running on HTML5 and insert a few breakpoints and watch what happens. All someone would have to do is edit the variable(s) which hold the data to anything they'd desire. You can argue there are limits to these potential exploitations but some of the tools are as complicated as the complier itself - and when companies are trying to push out a feature as quickly as possible, security issues are often overlooked. For example have a look (if you haven't already) at http://plaintextoffenders.com/ which shows websites which store passwords in plain text. Sure my example relates to a different issue but if websites are prepared to store passwords in plain text then inevitably, they will overlook other potential security issues. When money is involved, any minor potential exploitation is taken advantage to the fullest extent. Hence I still believe HTML5 apps shouldn't be trusted with any serious data collection. I'm no expert (yet?) but my understanding is that unless you are in a web-app (in the OS sense, ie: not in a browser strictly speaking) you loose access to features like real sockets and such. WebRTC looks awesome but the fact that we still can't built a true P2P system in HTML5 is a big failure from my point of view...
Still, I think this is the way to go for now, not strictly of course... :) Interesting idea. So instead of browsers forcing everything over HTTP(s), allow all kinds of transmission? "Real sockets" you mean you don't count web sockets as real sockets? I think it will get there, eventually, just needs more time. Browsers have evolved a lot over the years, but it all comes down to the fact that the organizations in charge of creating the standards (W3C) move a little too slow. True, which is another problem web apps face - waiting for the W3C to adopt something new. Native apps run on OSes that change several times a year, introducing new features. New HTML5 features seem to take two years - and worse still, every user must update their browser to get them. Biggest limitations of HTML5: - security causes a lot of limits for users and developers - unhealthy competition between browser vendors, example: WebGL@InternetExplorer - its limited to 3 languages: HTML, CSS, JS (and its derivatives) security causes a lot of limits for users and developers
- Security will probably always be an issue, even with native apps. Anything specific you think could be changed to make web apps safer? unhealthy competition between browser vendors, example: WebGL@InternetExplorer
- Agreed. Especially when one browser stays from what's supposed to be "standard", yet rarely is. its limited to 3 languages: HTML, CSS, JS (and its derivatives)
- Agreed. Google's working on a compiled web language, but it will only work in chrome. They're attempting to make it a standard, but I'm not sure if any other browsers would put the effort into supporting it. And a whole new system like this would take years to implement. But still possible....