To write secure HTML applications, check out the following links for recommendations:
WHATWG recommendations
W3 Writing secure applications with HTML