[html5] r5045 - [e] (0) remove obsolete warning

whatwg at whatwg.org
Wed Apr 14 02:13:48 PDT 2010


Author: ianh
Date: 2010-04-14 02:13:47 -0700 (Wed, 14 Apr 2010)
New Revision: 5045

Modified:
   complete.html
   source
Log:
[e] (0) remove obsolete warning

Modified: complete.html
===================================================================
--- complete.html	2010-04-14 09:12:16 UTC (rev 5044)
+++ complete.html	2010-04-14 09:13:47 UTC (rev 5045)
@@ -70764,22 +70764,6 @@
     purposes. Their semantics are equivalent to the semantics of the
     HTTP headers with the same names.</p>
 
-    <p class=warning>If a server reads fields for authentication
-    purposes (such as <code title="">Cookie</code>), or if a server
-    assumes that its clients are authorized on the basis that they can
-    connect (e.g. because they are on an intranet firewalled from the
-    public Internet), then the server should also verify that the
-    client's handshake includes the invariant "Upgrade" and
-    "Connection" parts of the handshake, and should send the server's
-    handshake before changing any user data. Otherwise, an attacker
-    could trick a client into sending WebSocket frames to a server
-    (e.g. using <code>XMLHttpRequest</code>) and cause the server to
-    perform actions on behalf of the user without the user's
-    consent. (Sending the server's handshake ensures that the frames
-    were not sent as part of a cross-protocol attack, since other
-    protocols do not send the necessary components in the client's
-    initial handshake for forming the server's handshake.)</p>
-
    </dd>
 
   </dl><p>Unrecognized fields can be safely ignored, and are probably
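
Review bot: this hunk deletes the only text in this <dd> that tells server implementers to verify the invariant "Upgrade" and "Connection" parts of the client's handshake and to send the server's handshake before changing any user data, and neither the hunk nor the log message ("[e] (0) remove obsolete warning") says what makes it obsolete or where the equivalent requirement now lives. For a change marked editorial ([e]) that removes the stated rationale for the cross-protocol defence (frames induced via XMLHttpRequest being accepted as authorized), suggest the log message name the section that now carries that requirement, or that a one-line cross-reference to it replace the removed paragraph rather than leaving the <dd> with no pointer at all.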

Modified: source
===================================================================
--- source	2010-04-14 09:12:16 UTC (rev 5044)
+++ source	2010-04-14 09:13:47 UTC (rev 5045)
@@ -79412,22 +79412,6 @@
     purposes. Their semantics are equivalent to the semantics of the
     HTTP headers with the same names.</p>
 
-    <p class="warning">If a server reads fields for authentication
-    purposes (such as <code title="">Cookie</code>), or if a server
-    assumes that its clients are authorized on the basis that they can
-    connect (e.g. because they are on an intranet firewalled from the
-    public Internet), then the server should also verify that the
-    client's handshake includes the invariant "Upgrade" and
-    "Connection" parts of the handshake, and should send the server's
-    handshake before changing any user data. Otherwise, an attacker
-    could trick a client into sending WebSocket frames to a server
-    (e.g. using <code>XMLHttpRequest</code>) and cause the server to
-    perform actions on behalf of the user without the user's
-    consent. (Sending the server's handshake ensures that the frames
-    were not sent as part of a cross-protocol attack, since other
-    protocols do not send the necessary components in the client's
-    initial handshake for forming the server's handshake.)</p>
-
    </dd>
 
   </dl>
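
Review bot: same removal applied to `source`, keeping it in step with `complete.html` (the only textual difference is `class="warning"` here versus the unquoted `class=warning` in the generated file, which is expected). The same point applies: the hunk replaces the warning with nothing, so the justification for dropping it should be recorded in the log message or as a cross-reference in the remaining text.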



