[e] (0) Clarify what codes are exposed in case of error, since this text was mysteriously removed from the RFC at some point.

Affected topics: HTML, WebSocket API

git-svn-id: http://svn.whatwg.org/webapps@7175 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Jul 11, 2012
1 parent 0f2d579 commit 121987f
Showing 3 changed files with 133 additions and 4 deletions.
45 changes: 43 additions & 2 deletions complete.html
Expand Up @@ -240,7 +240,7 @@


<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p> <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1> <hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 10 July 2012</h2> <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 11 July 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt> </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd> <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt> <dt>Multiple-page version:</dt>
Expand Down Expand Up @@ -83090,7 +83090,47 @@ <h4 id=the-websocket-interface><span class=secno>10.3.2 </span>The <code><a href
<a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch
the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li> the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li>


</ol><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a </ol><div class=warning>

<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>

<ul><li>A server whose host name could not be resolved.

<li>A server to which packets could not successfully be routed.

<li>A server that refused the connection on the specified port.

<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).

<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).

<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).

<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.

</ul><p>In all of these cases, the <i><a href=#the-websocket-connection-close-code>the WebSocket connection close
code</a></i> would be 1006, as required by the WebSocket Protocol
specification. <a href=#refsWSP>[WSP]</a></p>

<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>

<p class=note>In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>

</div>

<hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task
source</dfn>.</p> source</dfn>.</p>
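Review bot: The last list item in the new warning ("abruptly closed the connection after successfully completing the opening handshake") is a failure that happens after the handshake has completed, unlike the six items before it, so the text should say how far "any failure information" reaches. The only concrete value the added paragraphs pin down is the close code (1006 for all seven cases). If the requirement is meant to cover more than the code, name the other signals it applies to. If it is only about the code, say so, so that the requirement is testable.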


Expand Down Expand Up @@ -103578,6 +103618,7 @@ <h3 class="no-num">Reflecting IDL attributes</h3>
James Robinson, James Robinson,
Jamie Lokier, Jamie Lokier,
Jan-Klaas Kollhof, Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey, Jason Kersey,
Jason Lustig, Jason Lustig,
Jason White, Jason White,
45 changes: 43 additions & 2 deletions index
Expand Up @@ -240,7 +240,7 @@


<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p> <header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1> <hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 10 July 2012</h2> <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 11 July 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt> </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd> <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt> <dt>Multiple-page version:</dt>
Expand Down Expand Up @@ -83090,7 +83090,47 @@ socket.onopen = function () {
<a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>, and dispatch
the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li> the event at the <code><a href=#websocket>WebSocket</a></code> object. <a href=#refsWSP>[WSP]</a></li>


</ol><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a </ol><div class=warning>

<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>

<ul><li>A server whose host name could not be resolved.

<li>A server to which packets could not successfully be routed.

<li>A server that refused the connection on the specified port.

<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).

<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).

<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).

<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.

</ul><p>In all of these cases, the <i><a href=#the-websocket-connection-close-code>the WebSocket connection close
code</a></i> would be 1006, as required by the WebSocket Protocol
specification. <a href=#refsWSP>[WSP]</a></p>

<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>

<p class=note>In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>

</div>

<hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task task">queued</a> in this section is the <dfn id=websocket-task-source>WebSocket task
source</dfn>.</p> source</dfn>.</p>
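Review bot: The 1015 statement at the end of the warning is only a note (class=note), and its parenthetical implies that a 1015 sent by the server in its close frame is still passed through to the script, but nothing in the added normative text says that. Suggest stating explicitly what the user agent reports when the server's close frame carries 1015, and linking the note to the TLS handshake item in the list above, since that is the only place the added text gives a reason for singling this code out.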


Expand Down Expand Up @@ -103578,6 +103618,7 @@ if (s = prompt('What is your name?')) {
James Robinson, James Robinson,
Jamie Lokier, Jamie Lokier,
Jan-Klaas Kollhof, Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey, Jason Kersey,
Jason Lustig, Jason Lustig,
Jason White, Jason White,
47 changes: 47 additions & 0 deletions source
Expand Up @@ -96632,6 +96632,52 @@ socket.onopen = function () {


</ol> </ol>


<div class="warning">

<p>User agents must not convey any failure information to scripts
in a way that would allow a script to distinguish the following
situations:</p>

<ul>

<li>A server whose host name could not be resolved.

<li>A server to which packets could not successfully be routed.

<li>A server that refused the connection on the specified port.

<li>A server that failed to correctly perform a TLS handshake
(e.g., the server certificate can't be verified).

<li>A server that did not complete the opening handshake (e.g.
because it was not a WebSocket server).

<li>A WebSocket server that sent a correct opening handshake, but
that specified options that caused the client to drop the
connection (e.g. the server specified a subprotocol that the
client did not offer).

<li>A WebSocket server that abruptly closed the connection after
successfully completing the opening handshake.

</ul>

<p>In all of these cases, the <i>the WebSocket connection close
code</i> would be 1006, as required by the WebSocket Protocol
specification. <a href="#refsWSP">[WSP]</a></p>

<p>Allowing a script to distinguish these cases would allow a
script to probe the user's local network in preparation for an
attack.</p>

<p class="note">In particular, this means the code 1015 is not used
by the user agent (unless the server erroneously uses it in its
close frame, of course).</p>

</div>

<hr>

<p>The <span>task source</span> for all <span <p>The <span>task source</span> for all <span
title="concept-task">tasks</span> <span title="queue a title="concept-task">tasks</span> <span title="queue a
task">queued</span> in this section is the <dfn>WebSocket task task">queued</span> in this section is the <dfn>WebSocket task
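Review bot: Doubled article in the paragraph after the list: `the <i>the WebSocket connection close code</i>` reads as "the the WebSocket connection close code". Drop the "the" outside the `<i>` so the sentence reads "In all of these cases, <i>the WebSocket connection close code</i> would be 1006". The same wording appears in the complete.html and index hunks.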
Expand Down Expand Up @@ -121520,6 +121566,7 @@ if (s = prompt('What is your name?')) {
James Robinson, James Robinson,
Jamie Lokier, Jamie Lokier,
Jan-Klaas Kollhof, Jan-Klaas Kollhof,
Jason Duell,
Jason Kersey, Jason Kersey,
Jason Lustig, Jason Lustig,
Jason White, Jason White,