[html5] r3360 - [] (0) websocket: Mention the security model in the intro, allow timeouts in con [...]
whatwg at whatwg.org
Mon Jul 6 18:40:31 PDT 2009
Author: ianh
Date: 2009-07-06 18:40:29 -0700 (Mon, 06 Jul 2009)
New Revision: 3360
Modified:
index
source
Log:
[] (0) websocket: Mention the security model in the intro, allow timeouts in connection, be explicit about UTF-8 errors, and some editorial fixes.
Modified: index
===================================================================
--- index 2009-07-07 00:32:44 UTC (rev 3359)
+++ index 2009-07-07 01:40:29 UTC (rev 3360)
@@ -72134,6 +72134,7 @@
Francesco Schwarz,
Franck 'Shift' Quélain,
Frank Barchard,
+ 鵜飼文敏 (Fumitoshi Ukai),
Garrett Smith,
Geoffrey Garen,
Geoffrey Sneddon,
Modified: source
===================================================================
--- source 2009-07-07 00:32:44 UTC (rev 3359)
+++ source 2009-07-07 01:40:29 UTC (rev 3360)
@@ -70219,17 +70219,18 @@
course.</p>
</div>
+
<h5>Introduction</h5>
- <p>The WebSocket protocol is designed on the principle that there
+ <p>The Web Socket protocol is designed on the principle that there
should be minimal framing (the only framing that exists is to make
the protocol frame-based instead of stream-based, and to support a
distinction between Unicode text and binary frames). It is expected
- that metadata would be layered on top of WebSocket by the
+ that metadata would be layered on top of Web Socket by the
application layer, in the same way that metadata is layered on top
of TCP/IP by the application layer (HTTP).</p>
- <p>Conceptually, WebSocket is really just a layer on top of TCP/IP
+ <p>Conceptually, Web Socket is really just a layer on top of TCP/IP
that adds a Web "origin"-based security model for browsers; adds an
addressing and protocol naming mechanism to support multiple
services on one port and multiple host names on one IP address; and
@@ -70241,7 +70242,16 @@
such a way that its servers can share a port with HTTP servers, by
having its handshake be a valid HTTP Upgrade handshake also.</p>
+ <h6>Security model</h6>
+ <p>The Web Socket protocol uses the origin model used by Web
+ browsers to restrict which Web pages can contact a Web Socket server
+ when the Web Socket protocol is used from a Web page. Naturally,
+ when the Web Socket protocol is used directly (not from a Web page),
+ the origin model is not useful, as the client can provide any
+ arbitrary origin string.</p>
+
+
<!--BOILERPLATE middle-ietf-conformance-->
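Review bot: The new "Security model" paragraph stops at calling the origin model "not useful" for direct use and never states the consequence for server authors. Because "the client can provide any arbitrary origin string", suggest adding a sentence saying that a server cannot rely on the origin to authenticate a client. The origin check only limits which Web pages can connect through a conforming browser. Any access control for non-browser clients has to come from the application layer.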
@@ -70491,6 +70501,11 @@
<!-- v2 if we ever support the server requiring credentials, this
is where it goes -->
+ <p>User agents may apply a timeout to this step, <span title="fail
+ the Web Socket connection">failing the Web Socket
+ connection</span> if the server does not respond with the above
+ bytes within a suitable time period.</p>
+
</li>
<li><p>Let <var title="">headers</var> be a list of name-value
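Review bot: In the added timeout paragraph, "a suitable time period" gives implementers nothing to calibrate against. Since the timeout is only a "may", a user agent that applies none can wait indefinitely on a server that accepts the connection and never sends the expected bytes. Suggest adding a non-normative note on what range is reasonable. Also worth stating explicitly that a timeout here is indistinguishable to the page from any other failed connection, so the timeout does not expose additional information about the server.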
@@ -70908,7 +70923,15 @@
binary data. -->
+ <h6>Handling errors in UTF-8</h6>
+ <p>When a client is to interpret a byte stream as UTF-8 but finds
+ that the byte stream is not in fact a valid UTF-8 stream, then any
+ bytes or sequences of bytes that are not valid UTF-8 sequences must
+ be interpreted as a U+FFFD REPLACEMENT CHARACTER.</p>
+
+
+
<h5>Server-side requirements</h5>
<p><em>This section only applies to servers.</em></p> <!-- XXX that's not a defined conformance class -->
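Review bot: In "Handling errors in UTF-8", the phrase "any bytes or sequences of bytes that are not valid UTF-8 sequences must be interpreted as a U+FFFD" does not say how many replacement characters a run of invalid bytes produces. One client may emit one U+FFFD per invalid byte and another one per maximal invalid sequence, so the same frame decodes to different strings. Suggest pinning the granularity down, and also covering truncated sequences at the end of a frame and overlong encodings. The paragraph is scoped to "a client" only. If servers decoding text frames are expected to behave the same way, the server-side section that follows needs a matching statement.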
@@ -85059,6 +85082,7 @@
Francesco Schwarz,
Franck 'Shift' Quélain,
Frank Barchard,
+ 鵜飼文敏 (Fumitoshi Ukai),
Garrett Smith,
Geoffrey Garen,
Geoffrey Sneddon,