Security Issues with HTML 5
The new capabilities offered by HTML 5 are unfortunately also many opportunities for malware to infiltrate the lives of surfers.
Browser vendors are aware and are doing their utmost to reflect it in their developments. The sandbox inaugurated by Chrome and widespread now, responds to this concern.
Offline mode
If it can access the contents of local storage variables, the spy has not only access to personal data, but it can inject its own data.
The caching application on the user desktop makes it easier to infect it, it becomes a Trojan horse behind the firewall of the computer.
Geolocation
The spy can know where you are at any time. To a burglar, it helps to know if you're away from home.
WebSocket
A preferred mode of access to websites. Misused, it may permit to install malwares.
Iframe
It is a very popular with malicious scripts. Used in invisible mode to intercept actions of the user, it transmits confidential information to spies.
The HTML 5 specification has made the allowtransparency attribute obsolete, but it is still possible with CSS code.
The script and sandbox options secure an iframe created by the webmaster, but not if it is created by a malicious script.
JavaScript
It is becoming increasingly present thanks to the capabilities of Web application that delivers HTML 5. Users will no longer disable it, so it should be secured.
localStorage
Cookies are used to gather information about the sites you visit, the purpose being generally not malicious as providing targeted advertising, but could become so.
With localStorage the amount of stored information is growing dramatically.
Conclusion
The user can only rely on editors to better secure HTML 5 sites and applications. But also he must be very vigilant about his sources and sites he visits. This problem is also the same with mobile phone applications.