[html5] r2638 - [e] (0) Reorganise the WebSocket section in preparation for splitting out the pr [...]
whatwg at whatwg.org
whatwg at whatwg.org
Thu Jan 8 15:42:16 PST 2009
Author: ianh
Date: 2009-01-08 15:42:15 -0800 (Thu, 08 Jan 2009)
New Revision: 2638
Modified:
index
source
Log:
[e] (0) Reorganise the WebSocket section in preparation for splitting out the protocol section.
Modified: index
===================================================================
--- index 2009-01-08 09:58:03 UTC (rev 2637)
+++ index 2009-01-08 23:42:15 UTC (rev 2638)
@@ -851,21 +851,31 @@
<li><a href=#network-intro><span class=secno>7.3.1 </span>Introduction</a></li>
<li><a href=#the-websocket-interface><span class=secno>7.3.2 </span>The <code>WebSocket</code> interface</a></li>
<li><a href=#websocket-events><span class=secno>7.3.3 </span>WebSocket Events</a></li>
- <li><a href=#websocket-protocol><span class=secno>7.3.4 </span>The Web Socket protocol</a>
+ <li><a href=#feedback-from-the-protocol><span class=secno>7.3.4 </span>Feedback from the protocol</a></li>
+ <li><a href=#websocket-protocol title="This protocol enables two-way
+ communication between a user agent running untrusted code running in
+ a controlled environment to a remote host that understands the
+ protocol. It is intended to fail to communicate with servers of
+ pre-existing protocols like SMTP or HTTP, while allowing HTTP
+ servers to opt-in to supporting this protocol if desired. It is
+ designed to be easy to implement on the server side."><span class=secno>7.3.5 </span>The Web Socket
+ protocol</a>
<ol>
- <li><a href=#client-side-requirements><span class=secno>7.3.4.1 </span>Client-side requirements</a>
+ <li><a href=#introduction-5><span class=secno>7.3.5.1 </span>Introduction</a></li>
+ <li><a href=#client-side-requirements><span class=secno>7.3.5.2 </span>Client-side requirements</a>
<ol>
- <li><a href=#handshake><span class=secno>7.3.4.1.1 </span>Handshake</a></li>
- <li><a href=#data-framing><span class=secno>7.3.4.1.2 </span>Data framing</a></ol></li>
- <li><a href=#server-side-requirements><span class=secno>7.3.4.2 </span>Server-side requirements</a>
+ <li><a href=#handshake><span class=secno>7.3.5.2.1 </span>Handshake</a></li>
+ <li><a href=#data-framing><span class=secno>7.3.5.2.2 </span>Data framing</a></ol></li>
+ <li><a href=#server-side-requirements><span class=secno>7.3.5.3 </span>Server-side requirements</a>
<ol>
- <li><a href=#minimal-handshake><span class=secno>7.3.4.2.1 </span>Minimal handshake</a></li>
- <li><a href=#handshake-details><span class=secno>7.3.4.2.2 </span>Handshake details</a></li>
- <li><a href=#ws-sd-framing><span class=secno>7.3.4.2.3 </span>Data framing</a></ol></li>
- <li><a href=#closing-the-connection><span class=secno>7.3.4.3 </span>Closing the connection</a></ol></ol></li>
+ <li><a href=#minimal-handshake><span class=secno>7.3.5.3.1 </span>Minimal handshake</a></li>
+ <li><a href=#handshake-details><span class=secno>7.3.5.3.2 </span>Handshake details</a></li>
+ <li><a href=#ws-sd-framing><span class=secno>7.3.5.3.3 </span>Data framing</a></ol></li>
+ <li><a href=#closing-the-connection><span class=secno>7.3.5.4 </span>Closing the connection</a></li>
+ <li><a href=#security-considerations><span class=secno>7.3.5.5 </span>Security considerations</a></ol></ol></li>
<li><a href=#crossDocumentMessages><span class=secno>7.4 </span>Cross-document messaging</a>
<ol>
- <li><a href=#introduction-5><span class=secno>7.4.1 </span>Introduction</a></li>
+ <li><a href=#introduction-6><span class=secno>7.4.1 </span>Introduction</a></li>
<li><a href=#security-5><span class=secno>7.4.2 </span>Security</a>
<ol>
<li><a href=#authors><span class=secno>7.4.2.1 </span>Authors</a></li>
@@ -874,7 +884,7 @@
<li><a href=#posting-messages-with-message-ports><span class=secno>7.4.4 </span>Posting messages with message ports</a></ol></li>
<li><a href=#channel-messaging><span class=secno>7.5 </span>Channel messaging</a>
<ol>
- <li><a href=#introduction-6><span class=secno>7.5.1 </span>Introduction</a></li>
+ <li><a href=#introduction-7><span class=secno>7.5.1 </span>Introduction</a></li>
<li><a href=#message-channels><span class=secno>7.5.2 </span>Message channels</a></li>
<li><a href=#message-ports><span class=secno>7.5.3 </span>Message ports</a>
<ol>
@@ -44097,16 +44107,52 @@
<p>The <dfn id=dom-websocket title=dom-WebSocket><code>WebSocket(<var title="">url</var>)</code></dfn> constructor takes one argument,
<var title="">url</var>, which specifies the <a href=#url>URL</a> to
- which to connect. When a <code><a href=#websocket>WebSocket</a></code> object is created,
- the UA must <a href=#parse-a-url title="parse a url">parse</a> this argument and
- verify that the URL parses without failure and has a <a href=#url-scheme title=url-scheme><scheme></a> component whose value is
- either "<code title="">ws</code>" or "<code title="">wss</code>",
- when compared in an <a href=#ascii-case-insensitive>ASCII case-insensitive</a> manner. If
- it does, it has, and it is, then the user agent must asynchronously
- <a href=#establish-a-web-socket-connection>establish a Web Socket connection</a> to <var title="">url</var>. Otherwise, the constructor must raise a
- <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception.</p>
+ which to connect. When the <code>WebSocket()</code> constructor is
+ invoked, the UA must run these steps:</p>
- <p>The <dfn id=dom-websocket-url title=dom-WebSocket-URL><code>URL</code></dfn>
+ <ol><li><p><a href=#parse-a-url title="parse a url">Parse</a> the <var title="">url</var> argument.</li>
+
+ <li><p>If the previous step failed, or if <var title="">url</var>
+ does not have a <a href=#url-scheme title=url-scheme><scheme></a>
+ component whose value is either "<code title="">ws</code>" or
+ "<code title="">wss</code>", when compared in an <a href=#ascii-case-insensitive>ASCII
+ case-insensitive</a> manner, then throw a
+ <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception.</li>
+
+ <li><p>Return a new <code><a href=#websocket>WebSocket</a></code> object, and continue
+ these steps in the background (without blocking scripts).</li>
+
+ <li><p>Let <var title="">origin</var> be the <a href=#ascii-serialization-of-an-origin title="ASCII
+ serialization of an origin">ASCII serialization</a> of the
+ <a href=#origin-0>origin</a> of the script that invoked the <code title=dom-WebSocket><a href=#dom-websocket>WebSocket()</a></code> constructor.</li>
+
+ <li><p>If the <a href=#url-scheme title=url-scheme><scheme></a>
+ component of <var title="">url</var> is "<code title="">ws</code>",
+ set <var title="">secure</var> to false; otherwise, the <a href=#url-scheme title=url-scheme><scheme></a> component is "<code title="">wss</code>", set <var title="">secure</var> to
+ true.</li>
+
+ <li><p>Let <var title="">host</var> be the value of the <a href=#url-host title=url-host><host></a> component of <var title="">url</var>.</li>
+
+ <li><p>If <var title="">url</var> has a <a href=#url-port title=url-port><port></a> component, then let <var title="">port</var> be that component's value; otherwise, there is
+ no explicit <var title="">port</var>.</li>
+
+ <li><p>Let <var title="">resource name</var> be the value of the
+ <a href=#url-path title=url-path><path></a> component (which might
+ be empty) of <var title="">url</var>.</li>
+
+ <li><p>If <var title="">resource name</var> is the empty string,
+ set it to a single character U+002F SOLIDUS (/).</li>
+
+ <li><p>If <var title="">url</var> has a <a href=#url-query title=url-query><query></a> component, then append a
+ single U+003F QUESTION MARK (?) character to <var title="">resource
+ name</var>, followed by the value of the <a href=#url-query title=url-query><query></a> component.</li>
+
+ <li><p><a href=#establish-a-web-socket-connection>Establish a Web Socket connection</a> to a host
+ <var title="">host</var>, on port <var title="">port</var> (if one
+ was specified), from <var title="">origin</var>, with the flag <var title="">secure</var>, and with <var title="">resource name</var>
+ as the resource name.</li>
+
+ </ol><hr><p>The <dfn id=dom-websocket-url title=dom-WebSocket-URL><code>URL</code></dfn>
attribute must return the value that was passed to the
constructor.</p>
@@ -44127,7 +44173,9 @@
<dd>The connection has been closed or could not be opened.</dd>
</dl><p>When the object is created its <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> must be set to
- <code title=dom-WebSocket-CONNECTING><a href=#dom-websocket-connecting>CONNECTING</a></code> (0).</p>
+ <code title=dom-WebSocket-CONNECTING><a href=#dom-websocket-connecting>CONNECTING</a></code> (0). The
+ steps executed when the constructor is invoked change this
+ attribute's value.</p>
<p>The <dfn id=dom-websocket-postmessage title=dom-WebSocket-postMessage><code>postMessage(<var title="">data</var>)</code></dfn> method transmits data using the
connection. If the connection is not established (<code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> is not <code title=dom-WebSocket-OPEN><a href=#dom-websocket-open>OPEN</a></code>), it must raise an
@@ -44180,14 +44228,64 @@
<dd><p>Must be invoked whenever an <code title=event-WebSocket-closed>closed</code> event is targeted at or
bubbles through the <code><a href=#websocket>WebSocket</a></code> object.</dd>
- </dl><h4 id=websocket-protocol><span class=secno>7.3.4 </span>The Web Socket protocol</h4>
+ </dl><h4 id=feedback-from-the-protocol><span class=secno>7.3.4 </span>Feedback from the protocol</h4>
- <p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
- task">queued</a> by algorithms in this section and its
- subsections is the <dfn id=web-socket-task-source>Web Socket task source</dfn>.</p>
+ <p>When the <i><a href=#web-socket-connection-is-established>Web Socket connection is established</a></i>, the user
+ agent must run the following steps:</p>
- <h5 id=client-side-requirements><span class=secno>7.3.4.1 </span>Client-side requirements</h5>
+ <ol><li>
+ <p>Change the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
+ to <code title=dom-WebSocket-OPEN><a href=#dom-websocket-open>OPEN</a></code> (1).</p>
+
+ </li>
+
+ <li>
+
+ <p><a href=#queue-a-task>Queue a task</a> to <a href=#fire-a-simple-event>fire a simple event</a>
+ named <code title=event-WebSocket-open><a href=#event-websocket-open>open</a></code> at the
+ <code><a href=#websocket>WebSocket</a></code> object.</p>
+
+ </li>
+
+ </ol><hr><p>When <i>a Web Socket message has been received</i> with text <var title="">data</var>, the user agent must create an event that uses
+ the <code><a href=#messageevent>MessageEvent</a></code> interface, with the event name <code title=event-message><a href=#event-message>message</a></code>, which does not bubble, is
+ cancelable, has no default action, and whose <code title=dom-MessageEvent-data><a href=#dom-messageevent-data>data</a></code> attribute is set to <var title="">data</var>, and <a href=#queue-a-task>queue a task</a> to dispatch it at
+ the <code><a href=#websocket>WebSocket</a></code> object.</p>
+
+ <hr><p id=closeWebSocket>When the <i><a href=#web-socket-connection-is-closed>Web Socket connection is
+ closed</a></i>, the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
+ must be changed to <code title=dom-WebSocket-CLOSED><a href=#dom-websocket-closed>CLOSED</a></code>
+ (2), and the user agent must <a href=#queue-a-task>queue a task</a> to <a href=#fire-a-simple-event>fire
+ a simple event</a> named <code title=event-WebSocket-close><a href=#event-websocket-close>close</a></code> at the
+ <code><a href=#websocket>WebSocket</a></code> object.</p>
+
+ <hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
+ task">queued</a> in this section is the <dfn id=web-socket-task-source>Web Socket task
+ source</dfn>.</p>
+
+
+
+ <h4 id=websocket-protocol title="This protocol enables two-way
+ communication between a user agent running untrusted code running in
+ a controlled environment to a remote host that understands the
+ protocol. It is intended to fail to communicate with servers of
+ pre-existing protocols like SMTP or HTTP, while allowing HTTP
+ servers to opt-in to supporting this protocol if desired. It is
+ designed to be easy to implement on the server side."><span class=secno>7.3.5 </span>The Web Socket
+ protocol</h4>
+
+ <div class=no-rfc>
+ <p class=note>This section will be extracted into an RFC in due
+ course.</p>
+ </div>
+
+ <h5 id=introduction-5><span class=secno>7.3.5.1 </span>Introduction</h5>
+
+ <p class=XXX>...</p>
+
+ <h5 id=client-side-requirements><span class=secno>7.3.5.2 </span>Client-side requirements</h5>
+
<p><em>This section only applies to user agents, not to
servers.</em></p>
@@ -44196,50 +44294,34 @@
establish to a server.</p>
- <h6 id=handshake><span class=secno>7.3.4.1.1 </span>Handshake</h6>
+ <h6 id=handshake><span class=secno>7.3.5.2.1 </span>Handshake</h6>
<p>When the user agent is to <dfn id=establish-a-web-socket-connection>establish a Web Socket
- connection</dfn> to <var title="">url</var>, it must run the
- following steps, in the background (without blocking scripts or
- anything like that):</p>
+ connection</dfn> to a host <var title="">host</var>, optionally on
+ port <var title="">port</var>, from an origin <var title="">origin</var>, with a flag <var title="">secure</var>, and
+ with a particular <var title="">resource name</var>, it must run the
+ following steps:</p>
- <ol><li id=ws-ua-1><p><a href=#resolve-a-url title="resolve a url">Resolve</a> the
- <a href=#url>URL</a> <var title="">url</var>.</li> <!-- warning for
- editors: this is referred to as "the first step" by later steps -->
+ <ol><li>
- <li><p>If the <a href=#url-scheme title=url-scheme><scheme></a>
- component of the resulting <a href=#absolute-url>absolute URL</a> is "<code title="">ws</code>", set <var title="">secure</var> to false;
- otherwise, the <a href=#url-scheme title=url-scheme><scheme></a>
- component is "<code title="">wss</code>", set <var title="">secure</var> to true.</li>
+ <p>If there is no explicit <var title="">port</var>, then: if <var title="">secure</var> is false, let <var title="">port</var> be 81,
+ otherwise let <var title="">port</var> be 815.</p>
- <li><p>Let <var title="">host</var> be the value of the <a href=#url-host title=url-host><host></a> component in the resulting
- <a href=#absolute-url>absolute URL</a>.</li>
+ </li>
- <li><p>If the resulting <a href=#absolute-url>absolute URL</a> has a <a href=#url-port title=url-port><port></a> component, then let <var title="">port</var> be that component's value; otherwise, if <var title="">secure</var> is false, let <var title="">port</var> be 81,
- otherwise let <var title="">port</var> be 815.</li>
-
- <li><p>Let <var title="">resource name</var> be the value of the
- <a href=#url-path title=url-path><path></a> component (which might
- be empty) in the resulting <a href=#absolute-url>absolute URL</a>.</li>
-
- <li><p>If <var title="">resource name</var> is the empty string,
- set it to a single character U+002F SOLIDUS (/).</li>
-
- <li><p>If the resulting <a href=#absolute-url>absolute URL</a> has a <a href=#url-query title=url-query><query></a> component, then append a
- single U+003F QUESTION MARK (?) character to <var title="">resource
- name</var>, followed by the value of the <a href=#url-query title=url-query><query></a> component.</li>
-
<li>
<p>If the user agent is configured to use a proxy to connect to
- port <var title="">port</var>, then connect to that proxy and ask
- it to open a TCP/IP connection to the host given by <var title="">host</var> and the port given by <var title="">port</var>.</p>
+ host <var title="">host</var> and/or port <var title="">port</var>, then connect to that proxy and ask it to open
+ a TCP/IP connection to the host given by <var title="">host</var>
+ and the port given by <var title="">port</var>.</p>
<div class=example>
- <p>For example, if the user agent uses an HTTP proxy, then if it
- was to try to connect to port 80 on server example.com, it might
- send the following lines to the proxy server:</p>
+ <p>For example, if the user agent uses an HTTP proxy for all
+ traffic, then if it was to try to connect to port 80 on server
+ example.com, it might send the following lines to the proxy
+ server:</p>
<pre>CONNECT example.com HTTP/1.1</pre>
@@ -44293,8 +44375,9 @@
<pre>48 6f 73 74 3a 20</pre>
- <p>Send the <var title="">host</var> value, encoded as US-ASCII,
- if it represents a host name (and not an IP address).</p>
+ <p>Send the <var title="">host</var> value, encoded as US-ASCII
+ and <a href=#converted-to-lowercase>converted to lowercase</a>, if it represents a host
+ name (and not an IP address).</p>
<p>Send the following bytes:</p>
@@ -44310,10 +44393,8 @@
<pre>4f 72 69 67 69 6e 3a 20</pre>
- <p>Send the <a href=#ascii-serialization-of-an-origin title="ASCII serialization of an origin">ASCII
- serialization</a> of the <a href=#origin-0>origin</a> of the script that
- invoked the <code title=dom-WebSocket><a href=#dom-websocket>WebSocket()</a></code>
- constructor.</p>
+ <p>Send the <var title="">origin</var> value, encoded as US-ASCII
+ and <a href=#converted-to-lowercase>converted to lowercase</a>.</p>
<p>Send the following bytes:</p>
@@ -44326,11 +44407,10 @@
<li>
<p>If the client has any authentication information or cookies
- that would be relevant to a resource with a <a href=#url>URL</a> that
- has a scheme of <code title="">http</code> if <var title="">secure</var> is false and <code title="">https</code> if
- <var title="">secure</var> is true and is otherwise identical to
- <var title="">url</var>, then HTTP headers that would be
- appropriate for that information should be sent at this point. <a href=#refsRFC2616>[RFC2616]</a> <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
+ that would be relevant to a resource accessed over HTTP, if <var title="">secure</var> is false, or HTTPS, if it is true, on host
+ <var title="">host</var>, port <var title="">port</var>, with <var title="">resource name</var> as the path (and possibly query
+ parameters), then HTTP headers that would be appropriate for that
+ information should be sent at this point. <a href=#refsRFC2616>[RFC2616]</a> <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
<p>Each header must be on a line of its own (each ending with a CR
LF sequence). For the purposes of this step, each header must not
@@ -44340,10 +44420,16 @@
<div class=example>
<p>For example, if the server had a username and password that
- applied to that URL, it could send:</p>
+ applied to <code title="">http://example.com/socket</code>, and
+ the Web Socket was being opened to <code title="">ws://example.com:80/socket</code>, it could send
+ them:</p>
<pre>Authorization: Basic d2FsbGU6ZXZl</pre>
+ <p>However, it would not send them if the Web Socket was being
+ opened to <code title="">ws://example.com/socket</code>, as that
+ uses a different port (81, not 80).</p>
+
</div>
</li>
@@ -44377,8 +44463,8 @@
string "Upgrade: WebSocket", CRLF, the string
"Connection: Upgrade", CRLF.</p>
- <p class=XXX>What if the response is a 401 asking for
- credentials?</p>
+ <!-- v2 if we ever support the server requiring credentials, this
+ is where it goes -->
</li>
@@ -44540,30 +44626,43 @@
<dl class=switch><dt>If the entry's name is "<code title="">websocket-origin</code>"</dt>
- <dd>If the value is not exactly equal to the <a href=#ascii-serialization-of-an-origin title="ASCII
- serialization of an origin">ASCII serialization</a> of the
- <a href=#origin-0>origin</a> of the script that invoked the <code title=dom-WebSocket><a href=#dom-websocket>WebSocket()</a></code> constructor, then
+ <dd><p>If the value is not exactly equal to <var title="">origin</var>, <a href=#converted-to-lowercase>converted to lowercase</a>, then
<a href=#fail-the-web-socket-connection>fail the Web Socket connection</a> and abort these
steps.</dd>
<dt>If the entry's name is "<code title="">websocket-location</code>"</dt>
- <dd>If the value is not exactly equal to the <a href=#absolute-url>absolute
- URL</a> that resulted from the <a href=#ws-ua-1>first
- step</a> of ths algorithm, then <a href=#fail-the-web-socket-connection>fail the Web Socket
- connection</a> and abort these steps.</dd>
+ <dd>
+ <p>If the value is not exactly equal to a string consisting of
+ the following components in the same order, then <a href=#fail-the-web-socket-connection>fail the
+ Web Socket connection</a> and abort these steps:</p>
+ <ol><li>The string "<code title="">http</code>" if <var title="">secure</var> is false and "<code title="">https</code>" if <var title="">secure</var> is
+ true</li>
+
+ <li>The three characters "<code title="">://</code>".</li>
+
+ <li>The value of <var title="">host</var>.</li>
+
+ <li>If <var title="">secure</var> is false and <var title="">port</var> is not 81, or if <var title="">secure</var>
+ is true and <var title="">port</var> is not 815: a "<code title="">:</code>" character followed by the value of <var title="">port</var>.</li>
+
+ <li>The value of <var title="">resource name</var>.</li>
+
+ </ol></dd>
+
+
<dt>If the entry's name is "<code title="">set-cookie</code>" or
"<code title="">set-cookie2</code>" or another cookie-related
header name</dt>
- <dd>Handle the cookie as defined by the appropriate spec, except
- pretend that the resource's <a href=#url>URL</a> actually has a
- scheme of <code title="">http</code> if <var title="">secure</var> is false and <code title="">https</code> if
- <var title="">secure</var> is true and is otherwise identical to
- <var title="">url</var>. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></dd>
+ <dd><p>Handle the cookie as defined by the appropriate spec, with
+ the resource being the one with the host <var title="">host</var>, the port <var title="">port</var>, the path
+ (and possibly query parameters) <var title="">resource
+ name</var>, and the scheme <code title="">http</code> if <var title="">secure</var> is false and <code title="">https</code> if
+ <var title="">secure</var> is true. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></dd>
<dt>Any other name</dt>
@@ -44574,21 +44673,6 @@
<li>
- <p>Change the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
- to <code title=dom-WebSocket-OPEN><a href=#dom-websocket-open>OPEN</a></code> (1).</p>
-
- </li>
-
- <li>
-
- <p><a href=#queue-a-task>Queue a task</a> to <a href=#fire-a-simple-event>fire a simple event</a>
- named <code title=event-WebSocket-open><a href=#event-websocket-open>open</a></code> at the
- <code><a href=#websocket>WebSocket</a></code> object.</p>
-
- </li>
-
- <li>
-
<p>The <dfn id=web-socket-connection-is-established>Web Socket connection is established</dfn>. Now the
user agent must send and receive to and from the connection as
described in the next section.</p>
@@ -44599,11 +44683,11 @@
<a href=#close-the-web-socket-connection>close the Web Socket connection</a>, and may report the
problem to the user (which would be especially useful for
developers). However, user agents must not convey the failure
- information to the script in a way distinguishable from the Web
- Socket being closed normally.</p>
+ information to the script that attempted the connection in a way
+ distinguishable from the Web Socket being closed normally.</p>
- <h6 id=data-framing><span class=secno>7.3.4.1.2 </span>Data framing</h6>
+ <h6 id=data-framing><span class=secno>7.3.5.2.2 </span>Data framing</h6>
<p>Once a <a href=#web-socket-connection-is-established>Web Socket connection is established</a>, the
user agent must run through the following state machine for the
@@ -44674,14 +44758,8 @@
<li><p>Interpret <var title="">raw data</var> as a UTF-8
string, and store that string in <var title="">data</var>.</p>
- <li><p>If <var title="">frame type</var> is 0x00, create an
- event that uses the <code><a href=#messageevent>MessageEvent</a></code> interface, with
- the event name <code title=event-message><a href=#event-message>message</a></code>,
- which does not bubble, is cancelable, has no default action,
- and whose <code title=dom-MessageEvent-data><a href=#dom-messageevent-data>data</a></code>
- attribute is set to <var title="">data</var>, and <a href=#queue-a-task>queue a
- task</a> to dispatch it at the <code><a href=#websocket>WebSocket</a></code>
- object. Otherwise, discard the data.</li>
+ <li><p>If <var title="">frame type</var> is 0x00, then <dfn id=a-message-has-been-received>a
+ message has been received</dfn> with text <var title="">data</var>. Otherwise, discard the data.</li>
</ol></dd>
@@ -44703,18 +44781,14 @@
<li><p>Send a 0xff byte to the server.</li>
- </ol><p class=XXX>People often request the ability to send binary
- blobs over this API; also, once the other postMessage() methods
- support it, we should look into allowing name/value pairs, arrays,
- and numbers using postMessage() instead of just strings and binary
- data.</p>
+ </ol><!-- v2: People often request the ability to send binary blobs over
+ this API; we should also look into allowing name/value pairs,
+ arrays, and numbers using postMessage() instead of just strings and
+ binary data. --><h5 id=server-side-requirements><span class=secno>7.3.5.3 </span>Server-side requirements</h5>
-
- <h5 id=server-side-requirements><span class=secno>7.3.4.2 </span>Server-side requirements</h5>
-
<p><em>This section only applies to servers.</em></p> <!-- XXX that's not a defined conformance class -->
- <h6 id=minimal-handshake><span class=secno>7.3.4.2.1 </span>Minimal handshake</h6>
+ <h6 id=minimal-handshake><span class=secno>7.3.5.3.1 </span>Minimal handshake</h6>
<p class=note>This section describes the minimal requirements for
a server-side implementation of Web Sockets.</p>
@@ -44764,7 +44838,7 @@
<p>If the connection isn't dropped at this point, go to the <a href=#ws-sd-framing>data framing</a> section.</p>
- <h6 id=handshake-details><span class=secno>7.3.4.2.2 </span>Handshake details</h6>
+ <h6 id=handshake-details><span class=secno>7.3.5.3.2 </span>Handshake details</h6>
<p>The previous section ignores the data that is transmitted by the
client during the handshake.</p>
@@ -44827,7 +44901,7 @@
</dd>
- </dl><h6 id=ws-sd-framing><span class=secno>7.3.4.2.3 </span>Data framing</h6>
+ </dl><h6 id=ws-sd-framing><span class=secno>7.3.5.3.3 </span>Data framing</h6>
<p class=note>This section only describes how to handle content
that this specification allows user agents to send (text). It
@@ -44845,7 +44919,7 @@
<li><p>Let <var title="">raw data</var> be an empty byte
array.</li>
- <li id=ws-sd-data><p><em>Data</em>: Read a byte, let <var title="">b</var> be that byte.</li>
+ <li id=ws-sd-data><p><i>Data</i>: Read a byte, let <var title="">b</var> be that byte.</li>
<li><p>If <var title="">b</var> is not 0xff, then append <var title="">b</var> to <var title="">raw data</var> and return to the
previous step (labeled <a href=#ws-sd-data><i>data</i></a>).</li>
@@ -44868,7 +44942,7 @@
<li><p>Send a 0xff byte to the client to indicate the end of the
message.</li>
- </ol><h5 id=closing-the-connection><span class=secno>7.3.4.3 </span>Closing the connection</h5>
+ </ol><h5 id=closing-the-connection><span class=secno>7.3.5.4 </span>Closing the connection</h5>
<p>To <dfn id=close-the-web-socket-connection>close the Web Socket connection</dfn>, either the user
agent or the server closes the TCP/IP connection. There is no
@@ -44882,15 +44956,12 @@
<p>User agents should not <a href=#close-the-web-socket-connection>close the Web Socket
connection</a> arbitrarily.</p>
- <p id=closeWebSocket>When the <a href=#web-socket-connection-is-closed>Web Socket connection is
- closed</a>, the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
- must be changed to <code title=dom-WebSocket-CLOSED><a href=#dom-websocket-closed>CLOSED</a></code>
- (2), and the user agent must <a href=#queue-a-task>queue a task</a> to <a href=#fire-a-simple-event>fire
- a simple event</a> named <code title=event-WebSocket-close><a href=#event-websocket-close>close</a></code> at the
- <code><a href=#websocket>WebSocket</a></code> object.</p>
+ <h5 id=security-considerations><span class=secno>7.3.5.5 </span>Security considerations</h5>
+ <p class=XXX>...</p>
+
<h3 id=crossDocumentMessages><span class=secno>7.4 </span><dfn>Cross-document messaging</dfn></h3>
<p>Web browsers, for security and privacy reasons, prevent documents
@@ -44908,7 +44979,7 @@
messaging</a> is the <dfn id=posted-message-task-source>posted message task source</dfn>.</p>
- <h4 id=introduction-5><span class=secno>7.4.1 </span>Introduction</h4>
+ <h4 id=introduction-6><span class=secno>7.4.1 </span>Introduction</h4>
<p><em>This section is non-normative.</em></p>
@@ -45166,7 +45237,7 @@
<h3 id=channel-messaging><span class=secno>7.5 </span><dfn>Channel messaging</dfn></h3>
- <h4 id=introduction-6><span class=secno>7.5.1 </span>Introduction</h4>
+ <h4 id=introduction-7><span class=secno>7.5.1 </span>Introduction</h4>
<p><em>This section is non-normative.</em></p>
Modified: source
===================================================================
--- source 2009-01-08 09:58:03 UTC (rev 2637)
+++ source 2009-01-08 23:42:15 UTC (rev 2638)
@@ -50278,17 +50278,68 @@
<p>The <dfn title="dom-WebSocket"><code>WebSocket(<var
title="">url</var>)</code></dfn> constructor takes one argument,
<var title="">url</var>, which specifies the <span>URL</span> to
- which to connect. When a <code>WebSocket</code> object is created,
- the UA must <span title="parse a url">parse</span> this argument and
- verify that the URL parses without failure and has a <span
- title="url-scheme"><scheme></span> component whose value is
- either "<code title="">ws</code>" or "<code title="">wss</code>",
- when compared in an <span>ASCII case-insensitive</span> manner. If
- it does, it has, and it is, then the user agent must asynchronously
- <span>establish a Web Socket connection</span> to <var
- title="">url</var>. Otherwise, the constructor must raise a
- <code>SYNTAX_ERR</code> exception.</p>
+ which to connect. When the <code>WebSocket()</code> constructor is
+ invoked, the UA must run these steps:</p>
+ <ol>
+
+ <li><p><span title="parse a url">Parse</span> the <var
+ title="">url</var> argument.</p></li>
+
+ <li><p>If the previous step failed, or if <var title="">url</var>
+ does not have a <span title="url-scheme"><scheme></span>
+ component whose value is either "<code title="">ws</code>" or
+ "<code title="">wss</code>", when compared in an <span>ASCII
+ case-insensitive</span> manner, then throw a
+ <code>SYNTAX_ERR</code> exception.</p></li>
+
+ <li><p>Return a new <code>WebSocket</code> object, and continue
+ these steps in the background (without blocking scripts).</p></li>
+
+ <li><p>Let <var title="">origin</var> be the <span title="ASCII
+ serialization of an origin">ASCII serialization</span> of the
+ <span>origin</span> of the script that invoked the <code
+ title="dom-WebSocket">WebSocket()</code> constructor.</p></li>
+
+ <li><p>If the <span title="url-scheme"><scheme></span>
+ component of <var title="">url</var> is "<code title="">ws</code>",
+ set <var title="">secure</var> to false; otherwise, the <span
+ title="url-scheme"><scheme></span> component is "<code
+ title="">wss</code>", set <var title="">secure</var> to
+ true.</p></li>
+
+ <li><p>Let <var title="">host</var> be the value of the <span
+ title="url-host"><host></span> component of <var
+ title="">url</var>.</p></li>
+
+ <li><p>If <var title="">url</var> has a <span
+ title="url-port"><port></span> component, then let <var
+ title="">port</var> be that component's value; otherwise, there is
+ no explicit <var title="">port</var>.</p></li>
+
+ <li><p>Let <var title="">resource name</var> be the value of the
+ <span title="url-path"><path></span> component (which might
+ be empty) of <var title="">url</var>.</p></li>
+
+ <li><p>If <var title="">resource name</var> is the empty string,
+ set it to a single character U+002F SOLIDUS (/).</p></li>
+
+ <li><p>If <var title="">url</var> has a <span
+ title="url-query"><query></span> component, then append a
+ single U+003F QUESTION MARK (?) character to <var title="">resource
+ name</var>, followed by the value of the <span
+ title="url-query"><query></span> component.</p></li>
+
+ <li><p><span>Establish a Web Socket connection</span> to a host
+ <var title="">host</var>, on port <var title="">port</var> (if one
+ was specified), from <var title="">origin</var>, with the flag <var
+ title="">secure</var>, and with <var title="">resource name</var>
+ as the resource name.</p></li>
+
+ </ol>
+
+ <hr>
+
<p>The <dfn title="dom-WebSocket-URL"><code>URL</code></dfn>
attribute must return the value that was passed to the
constructor.</p>
@@ -50316,7 +50367,9 @@
<p>When the object is created its <code
title="dom-WebSocket-readyState">readyState</code> must be set to
- <code title="dom-WebSocket-CONNECTING">CONNECTING</code> (0).</p>
+ <code title="dom-WebSocket-CONNECTING">CONNECTING</code> (0). The
+ steps executed when the constructor is invoked change this
+ attribute's value.</p>
<p>The <dfn title="dom-WebSocket-postMessage"><code>postMessage(<var
title="">data</var>)</code></dfn> method transmits data using the
@@ -50386,13 +50439,81 @@
</dl>
- <h4 id="websocket-protocol">The Web Socket protocol</h4>
+ <h4>Feedback from the protocol</h4>
+
+ <p>When the <i>Web Socket connection is established</i>, the user
+ agent must run the following steps:</p>
+
+ <ol>
+
+ <li>
+
+ <p>Change the <code
+ title="dom-WebSocket-readyState">readyState</code> attribute's value
+ to <code title="dom-WebSocket-OPEN">OPEN</code> (1).</p>
+
+ </li>
+
+ <li>
+
+ <p><span>Queue a task</span> to <span>fire a simple event</span>
+ named <code title="event-WebSocket-open">open</code> at the
+ <code>WebSocket</code> object.</p>
+
+ </li>
+
+ </ol>
+
+ <hr>
+
+ <p>When <i>a Web Socket message has been received</i> with text <var
+ title="">data</var>, the user agent must create an event that uses
+ the <code>MessageEvent</code> interface, with the event name <code
+ title="event-message">message</code>, which does not bubble, is
+ cancelable, has no default action, and whose <code
+ title="dom-MessageEvent-data">data</code> attribute is set to <var
+ title="">data</var>, and <span>queue a task</span> to dispatch it at
+ the <code>WebSocket</code> object.</p>
+
+ <hr>
+
+ <p id="closeWebSocket">When the <i>Web Socket connection is
+ closed</i>, the <code
+ title="dom-WebSocket-readyState">readyState</code> attribute's value
+ must be changed to <code title="dom-WebSocket-CLOSED">CLOSED</code>
+ (2), and the user agent must <span>queue a task</span> to <span>fire
+ a simple event</span> named <code
+ title="event-WebSocket-close">close</code> at the
+ <code>WebSocket</code> object.</p>
+
+ <hr>
+
<p>The <span>task source</span> for all <span
title="concept-task">tasks</span> <span title="queue a
- task">queued</span> by algorithms in this section and its
- subsections is the <dfn>Web Socket task source</dfn>.</p>
+ task">queued</span> in this section is the <dfn>Web Socket task
+ source</dfn>.</p>
+
+
+ <h4 id="websocket-protocol" title="This protocol enables two-way
+ communication between a user agent running untrusted code running in
+ a controlled environment to a remote host that understands the
+ protocol. It is intended to fail to communicate with servers of
+ pre-existing protocols like SMTP or HTTP, while allowing HTTP
+ servers to opt-in to supporting this protocol if desired. It is
+ designed to be easy to implement on the server side.">The Web Socket
+ protocol</h4>
+
+ <div class="no-rfc">
+ <p class="note">This section will be extracted into an RFC in due
+ course.</p>
+ </div>
+
+ <h5>Introduction</h5>
+
+ <p class="XXX">...</p>
+
<h5>Client-side requirements</h5>
<p><em>This section only applies to user agents, not to
@@ -50406,59 +50527,36 @@
<h6>Handshake</h6>
<p>When the user agent is to <dfn>establish a Web Socket
- connection</dfn> to <var title="">url</var>, it must run the
- following steps, in the background (without blocking scripts or
- anything like that):</p>
+ connection</dfn> to a host <var title="">host</var>, optionally on
+ port <var title="">port</var>, from an origin <var
+ title="">origin</var>, with a flag <var title="">secure</var>, and
+ with a particular <var title="">resource name</var>, it must run the
+ following steps:</p>
<ol>
- <li id="ws-ua-1"><p><span title="resolve a url">Resolve</span> the
- <span>URL</span> <var title="">url</var>.</p></li> <!-- warning for
- editors: this is referred to as "the first step" by later steps -->
+ <li>
- <li><p>If the <span title="url-scheme"><scheme></span>
- component of the resulting <span>absolute URL</span> is "<code
- title="">ws</code>", set <var title="">secure</var> to false;
- otherwise, the <span title="url-scheme"><scheme></span>
- component is "<code title="">wss</code>", set <var
- title="">secure</var> to true.</p></li>
+ <p>If there is no explicit <var title="">port</var>, then: if <var
+ title="">secure</var> is false, let <var title="">port</var> be 81,
+ otherwise let <var title="">port</var> be 815.</p>
- <li><p>Let <var title="">host</var> be the value of the <span
- title="url-host"><host></span> component in the resulting
- <span>absolute URL</span>.</p></li>
+ </li>
- <li><p>If the resulting <span>absolute URL</span> has a <span
- title="url-port"><port></span> component, then let <var
- title="">port</var> be that component's value; otherwise, if <var
- title="">secure</var> is false, let <var title="">port</var> be 81,
- otherwise let <var title="">port</var> be 815.</p></li>
-
- <li><p>Let <var title="">resource name</var> be the value of the
- <span title="url-path"><path></span> component (which might
- be empty) in the resulting <span>absolute URL</span>.</p></li>
-
- <li><p>If <var title="">resource name</var> is the empty string,
- set it to a single character U+002F SOLIDUS (/).</p></li>
-
- <li><p>If the resulting <span>absolute URL</span> has a <span
- title="url-query"><query></span> component, then append a
- single U+003F QUESTION MARK (?) character to <var title="">resource
- name</var>, followed by the value of the <span
- title="url-query"><query></span> component.</p></li>
-
<li>
<p>If the user agent is configured to use a proxy to connect to
- port <var title="">port</var>, then connect to that proxy and ask
- it to open a TCP/IP connection to the host given by <var
- title="">host</var> and the port given by <var
- title="">port</var>.</p>
+ host <var title="">host</var> and/or port <var
+ title="">port</var>, then connect to that proxy and ask it to open
+ a TCP/IP connection to the host given by <var title="">host</var>
+ and the port given by <var title="">port</var>.</p>
<div class="example">
- <p>For example, if the user agent uses an HTTP proxy, then if it
- was to try to connect to port 80 on server example.com, it might
- send the following lines to the proxy server:</p>
+ <p>For example, if the user agent uses an HTTP proxy for all
+ traffic, then if it was to try to connect to port 80 on server
+ example.com, it might send the following lines to the proxy
+ server:</p>
<pre>CONNECT example.com HTTP/1.1</pre>
@@ -50514,8 +50612,9 @@
<pre>48 6f 73 74 3a 20</pre>
- <p>Send the <var title="">host</var> value, encoded as US-ASCII,
- if it represents a host name (and not an IP address).</p>
+ <p>Send the <var title="">host</var> value, encoded as US-ASCII
+ and <span>converted to lowercase</span>, if it represents a host
+ name (and not an IP address).</p>
<p>Send the following bytes:</p>
@@ -50531,10 +50630,8 @@
<pre>4f 72 69 67 69 6e 3a 20</pre>
- <p>Send the <span title="ASCII serialization of an origin">ASCII
- serialization</span> of the <span>origin</span> of the script that
- invoked the <code title="dom-WebSocket">WebSocket()</code>
- constructor.</p>
+ <p>Send the <var title="">origin</var> value, encoded as US-ASCII
+ and <span>converted to lowercase</span>.</p>
<p>Send the following bytes:</p>
@@ -50547,12 +50644,12 @@
<li>
<p>If the client has any authentication information or cookies
- that would be relevant to a resource with a <span>URL</span> that
- has a scheme of <code title="">http</code> if <var
- title="">secure</var> is false and <code title="">https</code> if
- <var title="">secure</var> is true and is otherwise identical to
- <var title="">url</var>, then HTTP headers that would be
- appropriate for that information should be sent at this point. <a
+ that would be relevant to a resource accessed over HTTP, if <var
+ title="">secure</var> is false, or HTTPS, if it is true, on host
+ <var title="">host</var>, port <var title="">port</var>, with <var
+ title="">resource name</var> as the path (and possibly query
+ parameters), then HTTP headers that would be appropriate for that
+ information should be sent at this point. <a
href="#refsRFC2616">[RFC2616]</a> <a
href="#refsRFC2109">[RFC2109]</a> <a
href="#refsRFC2965">[RFC2965]</a></p>
@@ -50565,10 +50662,17 @@
<div class="example">
<p>For example, if the server had a username and password that
- applied to that URL, it could send:</p>
+ applied to <code title="">http://example.com/socket</code>, and
+ the Web Socket was being opened to <code
+ title="">ws://example.com:80/socket</code>, it could send
+ them:</p>
<pre>Authorization: Basic d2FsbGU6ZXZl</pre>
+ <p>However, it would not send them if the Web Socket was being
+ opened to <code title="">ws://example.com/socket</code>, as that
+ uses a different port (81, not 80).</p>
+
</div>
</li>
@@ -50602,8 +50706,8 @@
string "Upgrade: WebSocket", CRLF, the string
"Connection: Upgrade", CRLF.</p>
- <p class="XXX">What if the response is a 401 asking for
- credentials?</p>
+ <!-- v2 if we ever support the server requiring credentials, this
+ is where it goes -->
</li>
@@ -50785,34 +50889,58 @@
<dt>If the entry's name is "<code
title="">websocket-origin</code>"</dt>
- <dd>If the value is not exactly equal to the <span title="ASCII
- serialization of an origin">ASCII serialization</span> of the
- <span>origin</span> of the script that invoked the <code
- title="dom-WebSocket">WebSocket()</code> constructor, then
+ <dd><p>If the value is not exactly equal to <var
+ title="">origin</var>, <span>converted to lowercase</span>, then
<span>fail the Web Socket connection</span> and abort these
- steps.</dd>
+ steps.</p></dd>
<dt>If the entry's name is "<code
title="">websocket-location</code>"</dt>
- <dd>If the value is not exactly equal to the <span>absolute
- URL</span> that resulted from the <a href="#ws-ua-1">first
- step</a> of ths algorithm, then <span>fail the Web Socket
- connection</span> and abort these steps.</dd>
+ <dd>
+ <p>If the value is not exactly equal to a string consisting of
+ the following components in the same order, then <span>fail the
+ Web Socket connection</span> and abort these steps:</p>
+ <ol>
+
+ <li>The string "<code title="">http</code>" if <var
+ title="">secure</var> is false and "<code
+ title="">https</code>" if <var title="">secure</var> is
+ true</li>
+
+ <li>The three characters "<code title="">://</code>".</li>
+
+ <li>The value of <var title="">host</var>.</li>
+
+ <li>If <var title="">secure</var> is false and <var
+ title="">port</var> is not 81, or if <var title="">secure</var>
+ is true and <var title="">port</var> is not 815: a "<code
+ title="">:</code>" character followed by the value of <var
+ title="">port</var>.</li>
+
+ <li>The value of <var title="">resource name</var>.</li>
+
+ </ol>
+
+ </dd>
+
+
<dt>If the entry's name is "<code title="">set-cookie</code>" or
"<code title="">set-cookie2</code>" or another cookie-related
header name</dt>
- <dd>Handle the cookie as defined by the appropriate spec, except
- pretend that the resource's <span>URL</span> actually has a
- scheme of <code title="">http</code> if <var
+ <dd><p>Handle the cookie as defined by the appropriate spec, with
+ the resource being the one with the host <var
+ title="">host</var>, the port <var title="">port</var>, the path
+ (and possibly query parameters) <var title="">resource
+ name</var>, and the scheme <code title="">http</code> if <var
title="">secure</var> is false and <code title="">https</code> if
- <var title="">secure</var> is true and is otherwise identical to
- <var title="">url</var>. <a href="#refsRFC2109">[RFC2109]</a> <a
- href="#refsRFC2965">[RFC2965]</a></dd>
+ <var title="">secure</var> is true. <a
+ href="#refsRFC2109">[RFC2109]</a> <a
+ href="#refsRFC2965">[RFC2965]</a></p></dd>
<dt>Any other name</dt>
@@ -50825,22 +50953,6 @@
<li>
- <p>Change the <code
- title="dom-WebSocket-readyState">readyState</code> attribute's value
- to <code title="dom-WebSocket-OPEN">OPEN</code> (1).</p>
-
- </li>
-
- <li>
-
- <p><span>Queue a task</span> to <span>fire a simple event</span>
- named <code title="event-WebSocket-open">open</code> at the
- <code>WebSocket</code> object.</p>
-
- </li>
-
- <li>
-
<p>The <dfn>Web Socket connection is established</dfn>. Now the
user agent must send and receive to and from the connection as
described in the next section.</p>
@@ -50853,8 +50965,8 @@
<span>close the Web Socket connection</span>, and may report the
problem to the user (which would be especially useful for
developers). However, user agents must not convey the failure
- information to the script in a way distinguishable from the Web
- Socket being closed normally.</p>
+ information to the script that attempted the connection in a way
+ distinguishable from the Web Socket being closed normally.</p>
<h6>Data framing</h6>
@@ -50945,14 +51057,9 @@
<li><p>Interpret <var title="">raw data</var> as a UTF-8
string, and store that string in <var title="">data</var>.</p>
- <li><p>If <var title="">frame type</var> is 0x00, create an
- event that uses the <code>MessageEvent</code> interface, with
- the event name <code title="event-message">message</code>,
- which does not bubble, is cancelable, has no default action,
- and whose <code title="dom-MessageEvent-data">data</code>
- attribute is set to <var title="">data</var>, and <span>queue a
- task</span> to dispatch it at the <code>WebSocket</code>
- object. Otherwise, discard the data.</p></li>
+ <li><p>If <var title="">frame type</var> is 0x00, then <dfn>a
+ message has been received</dfn> with text <var
+ title="">data</var>. Otherwise, discard the data.</p></li>
</ol>
@@ -50987,13 +51094,13 @@
</ol>
- <p class="XXX">People often request the ability to send binary
- blobs over this API; also, once the other postMessage() methods
- support it, we should look into allowing name/value pairs, arrays,
- and numbers using postMessage() instead of just strings and binary
- data.</p>
+ <!-- v2: People often request the ability to send binary blobs over
+ this API; we should also look into allowing name/value pairs,
+ arrays, and numbers using postMessage() instead of just strings and
+ binary data. -->
+
<h5>Server-side requirements</h5>
<p><em>This section only applies to servers.</em></p> <!-- XXX that's not a defined conformance class -->
@@ -51139,7 +51246,7 @@
<li><p>Let <var title="">raw data</var> be an empty byte
array.</p></li>
- <li id="ws-sd-data"><p><em>Data</em>: Read a byte, let <var
+ <li id="ws-sd-data"><p><i>Data</i>: Read a byte, let <var
title="">b</var> be that byte.</p></li>
<li><p>If <var title="">b</var> is not 0xff, then append <var
@@ -51187,17 +51294,12 @@
<p>User agents should not <span>close the Web Socket
connection</span> arbitrarily.</p>
- <p id="closeWebSocket">When the <span>Web Socket connection is
- closed</span>, the <code
- title="dom-WebSocket-readyState">readyState</code> attribute's value
- must be changed to <code title="dom-WebSocket-CLOSED">CLOSED</code>
- (2), and the user agent must <span>queue a task</span> to <span>fire
- a simple event</span> named <code
- title="event-WebSocket-close">close</code> at the
- <code>WebSocket</code> object.</p>
+ <h5>Security considerations</h5>
+ <p class="XXX">...</p>
+
<h3 id="crossDocumentMessages"><dfn>Cross-document messaging</dfn></h3>
<p>Web browsers, for security and privacy reasons, prevent documents
More information about the Commit-Watchers
mailing list