
[e] (0) Clarify what codes are exposed in case of error, since this text was mysteriously removed from the RFC at some point.

Affected topics: HTML, WebSocket API

git-svn-id: http://svn.whatwg.org/webapps@7175 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Jul 11, 2012
1 parent 0f2d579 commit 121987f23522e01c39b6ad6193caf6b52edf6f05
Showing with 133 additions and 4 deletions.
  1. +43 −2 complete.html
  2. +43 −2 index
  3. +47 −0 source

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 10 July 2012</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 11 July 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
<a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch
the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li>

</ol><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
</ol><div class=warning>

<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>

<ul><li>A server whose host name could not be resolved.

<li>A server to which packets could not successfully be routed.

<li>A server that refused the connection on the specified port.

<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).

<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).

<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).

<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.

</ul><p>In all of these cases, the <i><a href=#the-websocket-connection-close-code>the WebSocket connection close
code</a></i> would be 1006, as required by the WebSocket Protocol
specification. <a href=#refsWSP>[WSP]</a></p>

<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>

<p class=note>In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>

</div>

<hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task
source</dfn>.</p>
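
Review bot: The opening requirement forbids conveying "any failure information", but the only script-visible channel the new text names is the close code, in the paragraph after the list ("would be 1006"). Consider saying in that paragraph whether the rule is limited to the close code or covers everything a script can observe about the failure, so that the "must not" can be tested as written.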

James Robinson,
Jamie Lokier,
Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey,
Jason Lustig,
Jason White,
45 index

<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 10 July 2012</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 11 July 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
<a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch
the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li>

</ol><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
</ol><div class=warning>

<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>

<ul><li>A server whose host name could not be resolved.

<li>A server to which packets could not successfully be routed.

<li>A server that refused the connection on the specified port.

<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).

<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).

<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).

<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.

</ul><p>In all of these cases, the <i><a href=#the-websocket-connection-close-code>the WebSocket connection close
code</a></i> would be 1006, as required by the WebSocket Protocol
specification. <a href=#refsWSP>[WSP]</a></p>

<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>

<p class=note>In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>

</div>

<hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task
source</dfn>.</p>
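
Review bot: The note on code 1015 leaves its parenthetical case open: "unless the server erroneously uses it in its close frame" does not say whether the user agent then exposes 1015 to the script or still reports 1006. Suggest stating explicitly what the script sees in that case, since the note is the only place the hunk mentions a code other than 1006.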

James Robinson,
Jamie Lokier,
Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey,
Jason Lustig,
Jason White,
47 source

</ol>

<div class="warning">

<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>

<ul>

<li>A server whose host name could not be resolved.

<li>A server to which packets could not successfully be routed.

<li>A server that refused the connection on the specified port.

<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).

<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).

<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).

<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.

</ul>

<p>In all of these cases, the <i>the WebSocket connection close
code</i> would be 1006, as required by the WebSocket Protocol
specification. <a href="#refsWSP">[WSP]</a></p>

<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>

<p class="note">In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>

</div>

<hr>

<p>The <span>task source</span> for all <span
title="concept-task">tasks</span> <span title="queue a
task">queued</span> in this section is the <dfn>WebSocket task
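
Review bot: The article is doubled in "the <i>the WebSocket connection close code</i> would be 1006", in the paragraph after the list. The term inside the <i> already begins with "the", so drop the one in front of it; the same wording is carried into the complete.html and index copies of this paragraph.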
James Robinson,
Jamie Lokier,
Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey,
Jason Lustig,
Jason White,
