Identifying the [significantly larger] attack surfaceNew XSS vectors in HTML5Cross Origin Resource SharingCross Document MessagingXMLHttpRequest Level 2Offline cache & other client-side storagesWeb SQLWeb socketsClickjacking with HTML5Mobile html5 application vulnerabilitiesWatching & listening to users via html5 media capture & geolocation featuresJavascript worms & social engineering on twitter bootstrap.