[html5] r4345 - [e] (0) Update WebSocket protocol abstract to mention the security model. Be cle [...]

whatwg at whatwg.org whatwg at whatwg.org
Tue Oct 27 02:37:44 PDT 2009 

Author: ianh
Date: 2009-10-27 02:37:42 -0700 (Tue, 27 Oct 2009)
New Revision: 4345

Modified:
   complete.html
   source
Log:
[e] (0) Update WebSocket protocol abstract to mention the security model. Be clearer about what ASCII case-insensitive means in the WebSocket protocol.

Modified: complete.html
===================================================================
--- complete.html	2009-10-27 08:19:12 UTC (rev 4344)
+++ complete.html	2009-10-27 09:37:42 UTC (rev 4345)
@@ -941,13 +941,14 @@
      <li><a href=#websocket-protocol title="The Web Sockets protocol enables
   two-way communication between a user agent running untrusted code
   running in a controlled environment to a remote host that has
-  opted-in to communications from that code. The protocol consists of
-  an initial handshake followed by basic message framing, layered over
-  TCP. The goal of this technology is to provide a mechanism for
-  browser-based applications that need two-way communication with
-  servers that does not rely on opening multiple HTTP connections
-  (e.g. using XMLHttpRequest or <iframe>s and long
-  polling)."><span class=secno>10.3.4 </span>The Web Socket protocol</a>
+  opted-in to communications from that code. The security model used
+  for this is the Origin-based security model commonly used by Web
+  browsers. The protocol consists of an initial handshake followed by
+  basic message framing, layered over TCP. The goal of this technology
+  is to provide a mechanism for browser-based applications that need
+  two-way communication with servers that does not rely on opening
+  multiple HTTP connections (e.g. using XMLHttpRequest or
+  <iframe>s and long polling)."><span class=secno>10.3.4 </span>The Web Socket protocol</a>
       <ol>
        <li><a href=#introduction-8><span class=secno>10.3.4.1 </span>Introduction</a>
         <ol>
@@ -66273,13 +66274,14 @@
   <h4 id=websocket-protocol title="The Web Sockets protocol enables
   two-way communication between a user agent running untrusted code
   running in a controlled environment to a remote host that has
-  opted-in to communications from that code. The protocol consists of
-  an initial handshake followed by basic message framing, layered over
-  TCP. The goal of this technology is to provide a mechanism for
-  browser-based applications that need two-way communication with
-  servers that does not rely on opening multiple HTTP connections
-  (e.g. using XMLHttpRequest or <iframe>s and long
-  polling)."><span class=secno>10.3.4 </span>The Web Socket protocol</h4>
+  opted-in to communications from that code. The security model used
+  for this is the Origin-based security model commonly used by Web
+  browsers. The protocol consists of an initial handshake followed by
+  basic message framing, layered over TCP. The goal of this technology
+  is to provide a mechanism for browser-based applications that need
+  two-way communication with servers that does not rely on opening
+  multiple HTTP connections (e.g. using XMLHttpRequest or
+  <iframe>s and long polling)."><span class=secno>10.3.4 </span>The Web Socket protocol</h4>
 
 
   <h5 id=introduction-8><span class=secno>10.3.4.1 </span>Introduction</h5>
@@ -66366,6 +66368,9 @@
   <p>Lines that don't match the above production cause the connection
   to be aborted.</p>
 
+  <p class=note>The character set for the above ABNF is Unicode. The
+  headers themselves are encoded as UTF-8.</p>
+
   <p>Once the client and server have both sent their handshakes, and
   if the handshake was successful, then the data transfer part
   starts. This is a two-way communication channel where each side can,
@@ -66524,10 +66529,9 @@
 
    </li>
 
-   <li><p>If <var title="">url</var> does not have a <a href=#url-scheme title=url-scheme><scheme></a> component whose value is
-   either "<code title="">ws</code>" or "<code title="">wss</code>",
-   when compared in an <a href=#ascii-case-insensitive>ASCII case-insensitive</a> manner,
-   then fail this algorithm.</li>
+   <li><p>If <var title="">url</var> does not have a <a href=#url-scheme title=url-scheme><scheme></a> component whose value,
+   when <a href=#converted-to-ascii-lowercase>converted to ASCII lowercase</a>, is either "<code title="">ws</code>" or "<code title="">wss</code>", then fail this
+   algorithm.</li>
 
    <li><p>If the <a href=#url-scheme title=url-scheme><scheme></a>
    component of <var title="">url</var> is "<code title="">ws</code>",

Modified: source
===================================================================
--- source	2009-10-27 08:19:12 UTC (rev 4344)
+++ source	2009-10-27 09:37:42 UTC (rev 4345)
@@ -74479,13 +74479,14 @@
   <h4 id="websocket-protocol" title="The Web Sockets protocol enables
   two-way communication between a user agent running untrusted code
   running in a controlled environment to a remote host that has
-  opted-in to communications from that code. The protocol consists of
-  an initial handshake followed by basic message framing, layered over
-  TCP. The goal of this technology is to provide a mechanism for
-  browser-based applications that need two-way communication with
-  servers that does not rely on opening multiple HTTP connections
-  (e.g. using XMLHttpRequest or <iframe>s and long
-  polling).">The Web Socket protocol</h4>
+  opted-in to communications from that code. The security model used
+  for this is the Origin-based security model commonly used by Web
+  browsers. The protocol consists of an initial handshake followed by
+  basic message framing, layered over TCP. The goal of this technology
+  is to provide a mechanism for browser-based applications that need
+  two-way communication with servers that does not rely on opening
+  multiple HTTP connections (e.g. using XMLHttpRequest or
+  <iframe>s and long polling).">The Web Socket protocol</h4>
 
 
   <h5>Introduction</h5>
@@ -74582,6 +74583,9 @@
   <p>Lines that don't match the above production cause the connection
   to be aborted.</p>
 
+  <p class="note">The character set for the above ABNF is Unicode. The
+  headers themselves are encoded as UTF-8.</p>
+
   <p>Once the client and server have both sent their handshakes, and
   if the handshake was successful, then the data transfer part
   starts. This is a two-way communication channel where each side can,
@@ -74769,10 +74773,10 @@
    </li>
 
    <li><p>If <var title="">url</var> does not have a <span
-   title="url-scheme"><scheme></span> component whose value is
-   either "<code title="">ws</code>" or "<code title="">wss</code>",
-   when compared in an <span>ASCII case-insensitive</span> manner,
-   then fail this algorithm.</p></li>
+   title="url-scheme"><scheme></span> component whose value,
+   when <span>converted to ASCII lowercase</span>, is either "<code
+   title="">ws</code>" or "<code title="">wss</code>", then fail this
+   algorithm.</p></li>
 
    <li><p>If the <span title="url-scheme"><scheme></span>
    component of <var title="">url</var> is "<code title="">ws</code>",

More information about the Commit-Watchers mailing list