HTML5 – Not Designed for Business Applications
HTML5 is the next version of HTML to come along since version 4.0 in 1997.
HTML is an acronym for Hyper Text Markup Language and HTML elements are the basic building-blocks of web pages. The Internet would not exist as we know it today without HTML.
But HTML is not a programming language at all. This concept is confusing to some people. Web pages rely on a scripting language such as JavaScript in order to respond to user input. Think of it as HTML being a car and JavaScript being the engine.
JavaScript was introduced in 1995 by Netscape and coincidentally, that’s when the web started to really “take off”. This is an important fact to consider before we dig deeper into HTML5.
The open source nature of HTML and JavaScript has contributed to the growth of the Internet as a whole. Source code and design ideas are often borrowed from around the web and even from competitor’s web sites. This is facilitated by the fact that HTML and JavaScript are impossible to hide or protect.
HTML5 is no different!
There has been a lot of talk about HTML5 over the past couple of years and developers think that HTML5 is “cool” and “fun” to work with. But the logic ends there.
As usual with most new technologies, there has been confusion and misinformation over when HTML5 should be used and for what purpose. We aim to enlighten you about what HTML5 can and can’t do in this article.
New Features Same Old Concept
HTML5 includes new features such as the “Canvas” element, along with audio, video and Scalable Vector Graphics (SVG) content, some of which replace the “object” tags of HTML4. There have also been some modifications and standardization of tags such as (a, cite, menu) but the basic concept of HTML remains the same in HTML5.
Who’s Promoting HTML5?
HTML5 was originally proposed by Opera Software (makers of the Opera web browser) and designed by the World Wide Web Consortium, also known as W3C.
An important point is that the W3C has been criticized as being dominated by larger organizations and thus writing standards that represent their interests.
The large organizations (Apple, Microsoft, Adobe, Google and Facebook) have promoted HTML5 as the most up to date technology for web development. In fact the late Steve Jobs termed HTML5 as the win-win solution for consuming any kind of web content on all types of web platforms. But it is important to note that Apple, Microsoft, Google and Facebook each have an incentive for promoting HTML5; each own and operate very profitable “app” stores such as the Windows Marketplace, Google App Store, iTunes App Store, Facebook Canvas Apps, etc. Protection of intellectual property and trade secrets is of little or no concern to those companies and in fact it is almost a conflict of interest.
Fact #1: HTML5 is based on JavaScript, which is impossible to protect. Yes, that’s a fact!
As we discussed a moment ago, JavaScript is the core “language” of HTML5, whose source code is impossible to protect. The most evident reason is that anyone can view HTML5 and JavaScript source by just a simple click. JavaScript was never intended to be anything more than an engine for client-server communication and re-useable web content, including menus, buttons, tabs and the like.
Developers may argue that they can mangle JavaScript source code by obfuscation and pseudo-encryption (such as “minification”, where the code is compressed and “minified”). But this is a dangerously false sense of security. Any skilled developer can reverse engineer a “minified” or “obfuscated” JavaScript application. By design, JavaScript cannot be encrypted and it cannot be hidden. JavaScript files must be downloaded in order to run in a web browser.
To make matters worse, JavaScript also cannot be locked down to a specific web domain.
The code is accessible to be hacked by any competitor. No matter how many steps are taken to hide the JavaScript, the web browser eventually downloads the JavaScript file to run it within the client’s web browser.
For comparison, hacking a Flash or Silverlight application just by viewing the source is not very easy but anyone with a little knowledge of HTML5 can do it in minutes.
The hacks of famous HTML5 games like AngryBirds, Texas Holdem and many others are excellent examples of the insecure techniques employed by HTML5 developers. All security measures are useless once the code has been obtained and reverse engineered. No matter what any HTML5 or JavaScript developer may claim, these facts are true and irrefutable!
Fact #2: The concept of HTML5 Canvas is nothing new.
As we discussed already, HTML5 is based on the same concepts of HTML4. The most useful and talked about feature of HTML5 is the new “Canvas” object. Canvas makes it easy for JavaScript developers to “paint” within a web browser, simplifying the design of applications that utilize graphics. But you may be surprised to know that this functionality has been available in a simulated manner with very little attention since the release of HTML4.
Fact #3: There is a widespread misconception about HTML5
HTML5 has been labeled as a “cross platform programming language” which is a serious misconception. It is true that HTML5 is capable of running on all types of platforms such as Windows, Linux, Android and other mobile operating systems but let’s not forget that HTML5 is nothing more than web page markup, which is controlled by JavaScript. Classifying HTML5 and JavaScript as a true programming language would be incorrect. It is a browser integrated language that cannot utilize all the features of the underlying operating system.
When Should You Use HTML5?
The answer is quite simple. Use HTML5 when you do not care about your source code, intellectual property, or trade secrets. If you do not care that a competitor may steal your source code after it has been uploaded to your web site then use HTML5. As you can see, HTML5 is perfect for buttons, menus and website specific content, for which it was designed.
The Bottom Line – Better Options Available
The bottom line is that HTML5 and JavaScript are great for a lot of things, but you can’t effectively protect anything that you develop with them. This clearly doesn’t add up if you are using these technologies for developing business applications, which they were not designed for.
If you are developing a web application then consider using Flash or Silverlight, both of which run in all popular web browsers for desktop operating system, including Windows, Mac and Linux.
If you are developing a mobile application, there are far better options for iPhone, iPad and Android development that afford better protection of trade secrets, better security, performance and usability for the end user and also allow you to take advantage of the native features of the underlying operating systems. For iOS (iPad and iPhone), use the Object C programming language. For Android, use the Java programming language.
For Windows development, consider C++, C#, Delphi or other proven languages.
Although slightly more difficult to develop with, Objective C, C++, C#, Java and other low level languages are always the best option no matter if you are developing desktop, web, or mobile applications.
Permission to Redistribute
Copyright (c) 2012 by Modulus Financial Engineering, Inc. http://www.modulusfe.com All rights reserved. Permission is hereby granted to redistribute the article providing this copyright notice remains in place.
About the Author
Richard Gardner is Founder/CEO of Modulus Financial Engineering, Inc. In addition to his leadership role of the firms team members, Richard is an influential member of the financial technology industry at large, a globally-respected professional trader and software engineer, a guest speaker at industry conferences and among the inventors on over 70 technology patents.