<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard — Last Updated 10 July 2012</h2>
<h2 class="no-num no-toc">Living Standard — Last Updated 11 July 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
<a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch
the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li>
</ol><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
</ol><div class=warning>
<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>
<ul><li>A server whose host name could not be resolved.
<li>A server to which packets could not successfully be routed.
<li>A server that refused the connection on the specified port.
<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).
<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).
<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).
<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.
</ul><p>In all of these cases, the <i><a href=#the-websocket-connection-close-code>the WebSocket connection close
code</a></i> would be 1006, as required by the WebSocket Protocol
specification. <a href=#refsWSP>[WSP]</a></p>
<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>
<p class=note>In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>
</div>
<hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task
source</dfn>.</p>
James Robinson,
Jamie Lokier,
Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey,
Jason Lustig,
Jason White,