[whatwg] WebSocket handshake: 0x0D in first "line"
Simon Pieters
simonp at opera.com
Fri May 7 02:53:04 PDT 2010
establish a WebSocket connection
[[
28. Read bytes from the server until either the connection closes, or a
0x0A byte is read. Let field be these bytes, including the 0x0A byte.
If field is not at least seven bytes long, or if the last two bytes aren't
0x0D and 0x0A respectively, or if it does not contain at least two 0x20
bytes, then fail the WebSocket connection and abort these steps.
User agents may apply a timeout to this step, failing the WebSocket
connection if the server does not send back data in a suitable time period.
29. Let code be the substring of field that starts from the byte after the
first 0x20 byte, and ends with the byte before the second 0x20 byte.
]]
This makes it possible for servers to include 0x0D bytes before and after
the status code, and potentially trick broken clients that aren't so fuzzy
with new lines to misinterpret the handshake. Maybe we should read ahead
to the first 0x0D byte and check if the next byte is 0x0A instead.
--
Simon Pieters
Opera Software
More information about the whatwg
mailing list