- From: poot <cvsmail@w3.org>
- Date: Fri, 9 Jan 2009 08:45:55 +0900 (JST)
- To: public-html-diffs@w3.org
Reorganise the WebSocket section in preparation for splitting out the
protocol section. (whatwg r2638)
WebSocket
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#websocket
7.4.4 Posting messages with message ports
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#posting-messages-with-message-ports
7.3.5.5 Security considerations
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#security-considerations
onclosed
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#handler-websocket-onclosed
disconnect()
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#dom-websocket-disconnect
7.3.5.3.3 Data framing
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#ws-sd-framing
URL
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#dom-websocket-url
7.3.5.2.1 Handshake
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#handshake
Web Socket task source
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#web-socket-task-source
Data: Read a byte, let b be that byte.
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#ws-cd-data
7.5 Channel messaging
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#channel-messaging
WebSocket(url)
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#dom-websocket
7.3.5.4 Closing the connection
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#closing-the-connection
7.3.5.1 Introduction
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#introduction-5
7.5.2 Message channels
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#message-channels
readyState
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#dom-websocket-readystate
MessageChannel
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#messagechannel
7.3.5.3 Server-side requirements
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#server-side-requirements
send data using the Web Socket
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#send-data-using-the-web-socket
Headers processing: If there is not exactly one entry in the headers list whose name is "websocket-origin", or if there is not exactly one entry in the headers list whose name is "websocket-location", or if there are any entries in the headers list whose names are the empty string, then fail the Web Socket connection and abort these steps.
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#ws-ua-headers-processing
7.4 Cross-document messaging
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#crossDocumentMessages
7.3.5 The Web Socket protocol
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#websocket-protocol
CLOSED
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#dom-websocket-closed
7.3.5.3.2 Handshake details
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#handshake-details
Web Socket connection is closed
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#web-socket-connection-is-closed
Data: Read a byte, let b be that byte.
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#ws-sd-data
7.3.5.2.2 Data framing
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#data-framing
7.3.4 Feedback from the protocol
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#feedback-from-the-protocol
posted message task source
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#posted-message-task-source
fail the Web Socket connection
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#fail-the-web-socket-connection
When the Web Socket connection is closed, the readyState attribute's value must be changed to CLOSED (2), and the user agent must queue a task to fire a simple event named close at the WebSocket object.
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#closeWebSocket
a message has been received
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#a-message-has-been-received
postMessage(data)
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1808.html#dom-websocket-postmessage
http://people.w3.org/mike/diffs/html5/spec/Overview.diff.html
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.1807&r2=1.1808&f=h
http://html5.org/tools/web-apps-tracker?from=2637&to=2638
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1807
retrieving revision 1.1808
diff -u -d -r1.1807 -r1.1808
--- Overview.html 8 Jan 2009 09:58:09 -0000 1.1807
+++ Overview.html 8 Jan 2009 23:42:21 -0000 1.1808
@@ -785,21 +785,31 @@
<li><a href=#network-intro><span class=secno>7.3.1 </span>Introduction</a></li>
<li><a href=#the-websocket-interface><span class=secno>7.3.2 </span>The <code>WebSocket</code> interface</a></li>
<li><a href=#websocket-events><span class=secno>7.3.3 </span>WebSocket Events</a></li>
- <li><a href=#websocket-protocol><span class=secno>7.3.4 </span>The Web Socket protocol</a>
+ <li><a href=#feedback-from-the-protocol><span class=secno>7.3.4 </span>Feedback from the protocol</a></li>
+ <li><a href=#websocket-protocol title="This protocol enables two-way
+ communication between a user agent running untrusted code running in
+ a controlled environment to a remote host that understands the
+ protocol. It is intended to fail to communicate with servers of
+ pre-existing protocols like SMTP or HTTP, while allowing HTTP
+ servers to opt-in to supporting this protocol if desired. It is
+ designed to be easy to implement on the server side."><span class=secno>7.3.5 </span>The Web Socket
+ protocol</a>
<ol>
- <li><a href=#client-side-requirements><span class=secno>7.3.4.1 </span>Client-side requirements</a>
+ <li><a href=#introduction-5><span class=secno>7.3.5.1 </span>Introduction</a></li>
+ <li><a href=#client-side-requirements><span class=secno>7.3.5.2 </span>Client-side requirements</a>
<ol>
- <li><a href=#handshake><span class=secno>7.3.4.1.1 </span>Handshake</a></li>
- <li><a href=#data-framing><span class=secno>7.3.4.1.2 </span>Data framing</a></ol></li>
- <li><a href=#server-side-requirements><span class=secno>7.3.4.2 </span>Server-side requirements</a>
+ <li><a href=#handshake><span class=secno>7.3.5.2.1 </span>Handshake</a></li>
+ <li><a href=#data-framing><span class=secno>7.3.5.2.2 </span>Data framing</a></ol></li>
+ <li><a href=#server-side-requirements><span class=secno>7.3.5.3 </span>Server-side requirements</a>
<ol>
- <li><a href=#minimal-handshake><span class=secno>7.3.4.2.1 </span>Minimal handshake</a></li>
- <li><a href=#handshake-details><span class=secno>7.3.4.2.2 </span>Handshake details</a></li>
- <li><a href=#ws-sd-framing><span class=secno>7.3.4.2.3 </span>Data framing</a></ol></li>
- <li><a href=#closing-the-connection><span class=secno>7.3.4.3 </span>Closing the connection</a></ol></ol></li>
+ <li><a href=#minimal-handshake><span class=secno>7.3.5.3.1 </span>Minimal handshake</a></li>
+ <li><a href=#handshake-details><span class=secno>7.3.5.3.2 </span>Handshake details</a></li>
+ <li><a href=#ws-sd-framing><span class=secno>7.3.5.3.3 </span>Data framing</a></ol></li>
+ <li><a href=#closing-the-connection><span class=secno>7.3.5.4 </span>Closing the connection</a></li>
+ <li><a href=#security-considerations><span class=secno>7.3.5.5 </span>Security considerations</a></ol></ol></li>
<li><a href=#crossDocumentMessages><span class=secno>7.4 </span>Cross-document messaging</a>
<ol>
- <li><a href=#introduction-5><span class=secno>7.4.1 </span>Introduction</a></li>
+ <li><a href=#introduction-6><span class=secno>7.4.1 </span>Introduction</a></li>
<li><a href=#security-5><span class=secno>7.4.2 </span>Security</a>
<ol>
<li><a href=#authors><span class=secno>7.4.2.1 </span>Authors</a></li>
@@ -808,7 +818,7 @@
<li><a href=#posting-messages-with-message-ports><span class=secno>7.4.4 </span>Posting messages with message ports</a></ol></li>
<li><a href=#channel-messaging><span class=secno>7.5 </span>Channel messaging</a>
<ol>
- <li><a href=#introduction-6><span class=secno>7.5.1 </span>Introduction</a></li>
+ <li><a href=#introduction-7><span class=secno>7.5.1 </span>Introduction</a></li>
<li><a href=#message-channels><span class=secno>7.5.2 </span>Message channels</a></li>
<li><a href=#message-ports><span class=secno>7.5.3 </span>Message ports</a>
<ol>
@@ -35493,14 +35503,50 @@
<p>The <dfn id=dom-websocket title=dom-WebSocket><code>WebSocket(<var title="">url</var>)</code></dfn> constructor takes one argument,
<var title="">url</var>, which specifies the <a href=#url>URL</a> to
- which to connect. When a <code><a href=#websocket>WebSocket</a></code> object is created,
- the UA must <a href=#parse-a-url title="parse a url">parse</a> this argument and
- verify that the URL parses without failure and has a <a href=#url-scheme title=url-scheme><scheme></a> component whose value is
- either "<code title="">ws</code>" or "<code title="">wss</code>",
- when compared in an <a href=#ascii-case-insensitive>ASCII case-insensitive</a> manner. If
- it does, it has, and it is, then the user agent must asynchronously
- <a href=#establish-a-web-socket-connection>establish a Web Socket connection</a> to <var title="">url</var>. Otherwise, the constructor must raise a
- <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception.<p>The <dfn id=dom-websocket-url title=dom-WebSocket-URL><code>URL</code></dfn>
+ which to connect. When the <code>WebSocket()</code> constructor is
+ invoked, the UA must run these steps:<ol><li><p><a href=#parse-a-url title="parse a url">Parse</a> the <var title="">url</var> argument.</li>
+
+ <li><p>If the previous step failed, or if <var title="">url</var>
+ does not have a <a href=#url-scheme title=url-scheme><scheme></a>
+ component whose value is either "<code title="">ws</code>" or
+ "<code title="">wss</code>", when compared in an <a href=#ascii-case-insensitive>ASCII
+ case-insensitive</a> manner, then throw a
+ <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception.</li>
+
+ <li><p>Return a new <code><a href=#websocket>WebSocket</a></code> object, and continue
+ these steps in the background (without blocking scripts).</li>
+
+ <li><p>Let <var title="">origin</var> be the <a href=#ascii-serialization-of-an-origin title="ASCII
+ serialization of an origin">ASCII serialization</a> of the
+ <a href=#origin-0>origin</a> of the script that invoked the <code title=dom-WebSocket><a href=#dom-websocket>WebSocket()</a></code> constructor.</li>
+
+ <li><p>If the <a href=#url-scheme title=url-scheme><scheme></a>
+ component of <var title="">url</var> is "<code title="">ws</code>",
+ set <var title="">secure</var> to false; otherwise, the <a href=#url-scheme title=url-scheme><scheme></a> component is "<code title="">wss</code>", set <var title="">secure</var> to
+ true.</li>
+
+ <li><p>Let <var title="">host</var> be the value of the <a href=#url-host title=url-host><host></a> component of <var title="">url</var>.</li>
+
+ <li><p>If <var title="">url</var> has a <a href=#url-port title=url-port><port></a> component, then let <var title="">port</var> be that component's value; otherwise, there is
+ no explicit <var title="">port</var>.</li>
+
+ <li><p>Let <var title="">resource name</var> be the value of the
+ <a href=#url-path title=url-path><path></a> component (which might
+ be empty) of <var title="">url</var>.</li>
+
+ <li><p>If <var title="">resource name</var> is the empty string,
+ set it to a single character U+002F SOLIDUS (/).</li>
+
+ <li><p>If <var title="">url</var> has a <a href=#url-query title=url-query><query></a> component, then append a
+ single U+003F QUESTION MARK (?) character to <var title="">resource
+ name</var>, followed by the value of the <a href=#url-query title=url-query><query></a> component.</li>
+
+ <li><p><a href=#establish-a-web-socket-connection>Establish a Web Socket connection</a> to a host
+ <var title="">host</var>, on port <var title="">port</var> (if one
+ was specified), from <var title="">origin</var>, with the flag <var title="">secure</var>, and with <var title="">resource name</var>
+ as the resource name.</li>
+
+ </ol><hr><p>The <dfn id=dom-websocket-url title=dom-WebSocket-URL><code>URL</code></dfn>
attribute must return the value that was passed to the
constructor.<p>The <dfn id=dom-websocket-readystate title=dom-WebSocket-readyState><code>readyState</code></dfn>
attribute represents the state of the connection. It can have the
@@ -35517,7 +35563,9 @@
<dd>The connection has been closed or could not be opened.</dd>
</dl><p>When the object is created its <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> must be set to
- <code title=dom-WebSocket-CONNECTING><a href=#dom-websocket-connecting>CONNECTING</a></code> (0).<p>The <dfn id=dom-websocket-postmessage title=dom-WebSocket-postMessage><code>postMessage(<var title="">data</var>)</code></dfn> method transmits data using the
+ <code title=dom-WebSocket-CONNECTING><a href=#dom-websocket-connecting>CONNECTING</a></code> (0). The
+ steps executed when the constructor is invoked change this
+ attribute's value.<p>The <dfn id=dom-websocket-postmessage title=dom-WebSocket-postMessage><code>postMessage(<var title="">data</var>)</code></dfn> method transmits data using the
connection. If the connection is not established (<code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> is not <code title=dom-WebSocket-OPEN><a href=#dom-websocket-open>OPEN</a></code>), it must raise an
<code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> exception. If the connection
<em>is</em> established, then the user agent must <a href=#send-data-using-the-web-socket>send <var title="">data</var> using the Web Socket</a>.<p>The <dfn id=dom-websocket-disconnect title=dom-WebSocket-disconnect><code>disconnect()</code></dfn>
@@ -35551,51 +35599,69 @@
<dd><p>Must be invoked whenever an <code title=event-WebSocket-closed>closed</code> event is targeted at or
bubbles through the <code><a href=#websocket>WebSocket</a></code> object.</dd>
- </dl><h4 id=websocket-protocol><span class=secno>7.3.4 </span>The Web Socket protocol</h4><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
- task">queued</a> by algorithms in this section and its
- subsections is the <dfn id=web-socket-task-source>Web Socket task source</dfn>.<h5 id=client-side-requirements><span class=secno>7.3.4.1 </span>Client-side requirements</h5><p><em>This section only applies to user agents, not to
- servers.</em><p class=note>This specification doesn't currently define a limit
- to the number of simultaneous connections that a client can
- establish to a server.<h6 id=handshake><span class=secno>7.3.4.1.1 </span>Handshake</h6><p>When the user agent is to <dfn id=establish-a-web-socket-connection>establish a Web Socket
- connection</dfn> to <var title="">url</var>, it must run the
- following steps, in the background (without blocking scripts or
- anything like that):<ol><li id=ws-ua-1><p><a href=#resolve-a-url title="resolve a url">Resolve</a> the
- <a href=#url>URL</a> <var title="">url</var>.</li> <!-- warning for
- editors: this is referred to as "the first step" by later steps -->
+ </dl><h4 id=feedback-from-the-protocol><span class=secno>7.3.4 </span>Feedback from the protocol</h4><p>When the <i><a href=#web-socket-connection-is-established>Web Socket connection is established</a></i>, the user
+ agent must run the following steps:<ol><li>
- <li><p>If the <a href=#url-scheme title=url-scheme><scheme></a>
- component of the resulting <a href=#absolute-url>absolute URL</a> is "<code title="">ws</code>", set <var title="">secure</var> to false;
- otherwise, the <a href=#url-scheme title=url-scheme><scheme></a>
- component is "<code title="">wss</code>", set <var title="">secure</var> to true.</li>
+ <p>Change the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
+ to <code title=dom-WebSocket-OPEN><a href=#dom-websocket-open>OPEN</a></code> (1).</p>
- <li><p>Let <var title="">host</var> be the value of the <a href=#url-host title=url-host><host></a> component in the resulting
- <a href=#absolute-url>absolute URL</a>.</li>
+ </li>
- <li><p>If the resulting <a href=#absolute-url>absolute URL</a> has a <a href=#url-port title=url-port><port></a> component, then let <var title="">port</var> be that component's value; otherwise, if <var title="">secure</var> is false, let <var title="">port</var> be 81,
- otherwise let <var title="">port</var> be 815.</li>
+ <li>
- <li><p>Let <var title="">resource name</var> be the value of the
- <a href=#url-path title=url-path><path></a> component (which might
- be empty) in the resulting <a href=#absolute-url>absolute URL</a>.</li>
+ <p><a href=#queue-a-task>Queue a task</a> to <a href=#fire-a-simple-event>fire a simple event</a>
+ named <code title=event-WebSocket-open><a href=#event-websocket-open>open</a></code> at the
+ <code><a href=#websocket>WebSocket</a></code> object.</p>
- <li><p>If <var title="">resource name</var> is the empty string,
- set it to a single character U+002F SOLIDUS (/).</li>
+ </li>
- <li><p>If the resulting <a href=#absolute-url>absolute URL</a> has a <a href=#url-query title=url-query><query></a> component, then append a
- single U+003F QUESTION MARK (?) character to <var title="">resource
- name</var>, followed by the value of the <a href=#url-query title=url-query><query></a> component.</li>
+ </ol><hr><p>When <i>a Web Socket message has been received</i> with text <var title="">data</var>, the user agent must create an event that uses
+ the <code><a href=#messageevent>MessageEvent</a></code> interface, with the event name <code title=event-message><a href=#event-message>message</a></code>, which does not bubble, is
+ cancelable, has no default action, and whose <code title=dom-MessageEvent-data><a href=#dom-messageevent-data>data</a></code> attribute is set to <var title="">data</var>, and <a href=#queue-a-task>queue a task</a> to dispatch it at
+ the <code><a href=#websocket>WebSocket</a></code> object.</p><hr><p id=closeWebSocket>When the <i><a href=#web-socket-connection-is-closed>Web Socket connection is
+ closed</a></i>, the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
+ must be changed to <code title=dom-WebSocket-CLOSED><a href=#dom-websocket-closed>CLOSED</a></code>
+ (2), and the user agent must <a href=#queue-a-task>queue a task</a> to <a href=#fire-a-simple-event>fire
+ a simple event</a> named <code title=event-WebSocket-close><a href=#event-websocket-close>close</a></code> at the
+ <code><a href=#websocket>WebSocket</a></code> object.</p><hr><p>The <a href=#task-source>task source</a> for all <a href=#concept-task title=concept-task>tasks</a> <a href=#queue-a-task title="queue a
+ task">queued</a> in this section is the <dfn id=web-socket-task-source>Web Socket task
+ source</dfn>.<h4 id=websocket-protocol title="This protocol enables two-way
+ communication between a user agent running untrusted code running in
+ a controlled environment to a remote host that understands the
+ protocol. It is intended to fail to communicate with servers of
+ pre-existing protocols like SMTP or HTTP, while allowing HTTP
+ servers to opt-in to supporting this protocol if desired. It is
+ designed to be easy to implement on the server side."><span class=secno>7.3.5 </span>The Web Socket
+ protocol</h4><div class=no-rfc>
+ <p class=note>This section will be extracted into an RFC in due
+ course.</p>
+ </div><h5 id=introduction-5><span class=secno>7.3.5.1 </span>Introduction</h5><p class=XXX>...<h5 id=client-side-requirements><span class=secno>7.3.5.2 </span>Client-side requirements</h5><p><em>This section only applies to user agents, not to
+ servers.</em><p class=note>This specification doesn't currently define a limit
+ to the number of simultaneous connections that a client can
+ establish to a server.<h6 id=handshake><span class=secno>7.3.5.2.1 </span>Handshake</h6><p>When the user agent is to <dfn id=establish-a-web-socket-connection>establish a Web Socket
+ connection</dfn> to a host <var title="">host</var>, optionally on
+ port <var title="">port</var>, from an origin <var title="">origin</var>, with a flag <var title="">secure</var>, and
+ with a particular <var title="">resource name</var>, it must run the
+ following steps:<ol><li>
+
+ <p>If there is no explicit <var title="">port</var>, then: if <var title="">secure</var> is false, let <var title="">port</var> be 81,
+ otherwise let <var title="">port</var> be 815.</p>
+
+ </li>
<li>
<p>If the user agent is configured to use a proxy to connect to
- port <var title="">port</var>, then connect to that proxy and ask
- it to open a TCP/IP connection to the host given by <var title="">host</var> and the port given by <var title="">port</var>.</p>
+ host <var title="">host</var> and/or port <var title="">port</var>, then connect to that proxy and ask it to open
+ a TCP/IP connection to the host given by <var title="">host</var>
+ and the port given by <var title="">port</var>.</p>
<div class=example>
- <p>For example, if the user agent uses an HTTP proxy, then if it
- was to try to connect to port 80 on server example.com, it might
- send the following lines to the proxy server:</p>
+ <p>For example, if the user agent uses an HTTP proxy for all
+ traffic, then if it was to try to connect to port 80 on server
+ example.com, it might send the following lines to the proxy
+ server:</p>
<pre>CONNECT example.com HTTP/1.1</pre>
@@ -35649,8 +35715,9 @@
<pre>48 6f 73 74 3a 20</pre>
- <p>Send the <var title="">host</var> value, encoded as US-ASCII,
- if it represents a host name (and not an IP address).</p>
+ <p>Send the <var title="">host</var> value, encoded as US-ASCII
+ and <a href=#converted-to-lowercase>converted to lowercase</a>, if it represents a host
+ name (and not an IP address).</p>
<p>Send the following bytes:</p>
@@ -35666,10 +35733,8 @@
<pre>4f 72 69 67 69 6e 3a 20</pre>
- <p>Send the <a href=#ascii-serialization-of-an-origin title="ASCII serialization of an origin">ASCII
- serialization</a> of the <a href=#origin-0>origin</a> of the script that
- invoked the <code title=dom-WebSocket><a href=#dom-websocket>WebSocket()</a></code>
- constructor.</p>
+ <p>Send the <var title="">origin</var> value, encoded as US-ASCII
+ and <a href=#converted-to-lowercase>converted to lowercase</a>.</p>
<p>Send the following bytes:</p>
@@ -35682,11 +35747,10 @@
<li>
<p>If the client has any authentication information or cookies
- that would be relevant to a resource with a <a href=#url>URL</a> that
- has a scheme of <code title="">http</code> if <var title="">secure</var> is false and <code title="">https</code> if
- <var title="">secure</var> is true and is otherwise identical to
- <var title="">url</var>, then HTTP headers that would be
- appropriate for that information should be sent at this point. <a href=#references>[RFC2616]</a> <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p>
+ that would be relevant to a resource accessed over HTTP, if <var title="">secure</var> is false, or HTTPS, if it is true, on host
+ <var title="">host</var>, port <var title="">port</var>, with <var title="">resource name</var> as the path (and possibly query
+ parameters), then HTTP headers that would be appropriate for that
+ information should be sent at this point. <a href=#references>[RFC2616]</a> <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></p>
<p>Each header must be on a line of its own (each ending with a CR
LF sequence). For the purposes of this step, each header must not
@@ -35696,10 +35760,16 @@
<div class=example>
<p>For example, if the server had a username and password that
- applied to that URL, it could send:</p>
+ applied to <code title="">http://example.com/socket</code>, and
+ the Web Socket was being opened to <code title="">ws://example.com:80/socket</code>, it could send
+ them:</p>
<pre>Authorization: Basic d2FsbGU6ZXZl</pre>
+ <p>However, it would not send them if the Web Socket was being
+ opened to <code title="">ws://example.com/socket</code>, as that
+ uses a different port (81, not 80).</p>
+
</div>
</li>
@@ -35733,8 +35803,8 @@
string "Upgrade: WebSocket", CRLF, the string
"Connection: Upgrade", CRLF.</p>
- <p class=XXX>What if the response is a 401 asking for
- credentials?</p>
+ <!-- v2 if we ever support the server requiring credentials, this
+ is where it goes -->
</li>
@@ -35896,52 +35966,50 @@
<dl class=switch><dt>If the entry's name is "<code title="">websocket-origin</code>"</dt>
- <dd>If the value is not exactly equal to the <a href=#ascii-serialization-of-an-origin title="ASCII
- serialization of an origin">ASCII serialization</a> of the
- <a href=#origin-0>origin</a> of the script that invoked the <code title=dom-WebSocket><a href=#dom-websocket>WebSocket()</a></code> constructor, then
+ <dd><p>If the value is not exactly equal to <var title="">origin</var>, <a href=#converted-to-lowercase>converted to lowercase</a>, then
<a href=#fail-the-web-socket-connection>fail the Web Socket connection</a> and abort these
steps.</dd>
<dt>If the entry's name is "<code title="">websocket-location</code>"</dt>
- <dd>If the value is not exactly equal to the <a href=#absolute-url>absolute
- URL</a> that resulted from the <a href=#ws-ua-1>first
- step</a> of ths algorithm, then <a href=#fail-the-web-socket-connection>fail the Web Socket
- connection</a> and abort these steps.</dd>
+ <dd>
+ <p>If the value is not exactly equal to a string consisting of
+ the following components in the same order, then <a href=#fail-the-web-socket-connection>fail the
+ Web Socket connection</a> and abort these steps:</p>
- <dt>If the entry's name is "<code title="">set-cookie</code>" or
- "<code title="">set-cookie2</code>" or another cookie-related
- header name</dt>
+ <ol><li>The string "<code title="">http</code>" if <var title="">secure</var> is false and "<code title="">https</code>" if <var title="">secure</var> is
+ true</li>
- <dd>Handle the cookie as defined by the appropriate spec, except
- pretend that the resource's <a href=#url>URL</a> actually has a
- scheme of <code title="">http</code> if <var title="">secure</var> is false and <code title="">https</code> if
- <var title="">secure</var> is true and is otherwise identical to
- <var title="">url</var>. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></dd>
+ <li>The three characters "<code title="">://</code>".</li>
+ <li>The value of <var title="">host</var>.</li>
- <dt>Any other name</dt>
+ <li>If <var title="">secure</var> is false and <var title="">port</var> is not 81, or if <var title="">secure</var>
+ is true and <var title="">port</var> is not 815: a "<code title="">:</code>" character followed by the value of <var title="">port</var>.</li>
- <dd>Ignore it.</dd>
+ <li>The value of <var title="">resource name</var>.</li>
- </dl></li>
+ </ol></dd>
- <li>
- <p>Change the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
- to <code title=dom-WebSocket-OPEN><a href=#dom-websocket-open>OPEN</a></code> (1).</p>
+ <dt>If the entry's name is "<code title="">set-cookie</code>" or
+ "<code title="">set-cookie2</code>" or another cookie-related
+ header name</dt>
- </li>
+ <dd><p>Handle the cookie as defined by the appropriate spec, with
+ the resource being the one with the host <var title="">host</var>, the port <var title="">port</var>, the path
+ (and possibly query parameters) <var title="">resource
+ name</var>, and the scheme <code title="">http</code> if <var title="">secure</var> is false and <code title="">https</code> if
+ <var title="">secure</var> is true. <a href=#references>[RFC2109]</a> <a href=#references>[RFC2965]</a></dd>
- <li>
- <p><a href=#queue-a-task>Queue a task</a> to <a href=#fire-a-simple-event>fire a simple event</a>
- named <code title=event-WebSocket-open><a href=#event-websocket-open>open</a></code> at the
- <code><a href=#websocket>WebSocket</a></code> object.</p>
+ <dt>Any other name</dt>
- </li>
+ <dd>Ignore it.</dd>
+
+ </dl></li>
<li>
@@ -35955,8 +36023,8 @@
<a href=#close-the-web-socket-connection>close the Web Socket connection</a>, and may report the
problem to the user (which would be especially useful for
developers). However, user agents must not convey the failure
- information to the script in a way distinguishable from the Web
- Socket being closed normally.<h6 id=data-framing><span class=secno>7.3.4.1.2 </span>Data framing</h6><p>Once a <a href=#web-socket-connection-is-established>Web Socket connection is established</a>, the
+ information to the script that attempted the connection in a way
+ distinguishable from the Web Socket being closed normally.<h6 id=data-framing><span class=secno>7.3.5.2.2 </span>Data framing</h6><p>Once a <a href=#web-socket-connection-is-established>Web Socket connection is established</a>, the
user agent must run through the following state machine for the
bytes sent by the server.<ol><li>
@@ -36023,14 +36091,8 @@
<li><p>Interpret <var title="">raw data</var> as a UTF-8
string, and store that string in <var title="">data</var>.</p>
- <li><p>If <var title="">frame type</var> is 0x00, create an
- event that uses the <code><a href=#messageevent>MessageEvent</a></code> interface, with
- the event name <code title=event-message><a href=#event-message>message</a></code>,
- which does not bubble, is cancelable, has no default action,
- and whose <code title=dom-MessageEvent-data><a href=#dom-messageevent-data>data</a></code>
- attribute is set to <var title="">data</var>, and <a href=#queue-a-task>queue a
- task</a> to dispatch it at the <code><a href=#websocket>WebSocket</a></code>
- object. Otherwise, discard the data.</li>
+ <li><p>If <var title="">frame type</var> is 0x00, then <dfn id=a-message-has-been-received>a
+ message has been received</dfn> with text <var title="">data</var>. Otherwise, discard the data.</li>
</ol></dd>
@@ -36048,11 +36110,10 @@
<li><p>Send a 0xff byte to the server.</li>
- </ol><p class=XXX>People often request the ability to send binary
- blobs over this API; also, once the other postMessage() methods
- support it, we should look into allowing name/value pairs, arrays,
- and numbers using postMessage() instead of just strings and binary
- data.<h5 id=server-side-requirements><span class=secno>7.3.4.2 </span>Server-side requirements</h5><p><em>This section only applies to servers.</em></p><!-- XXX that's not a defined conformance class --><h6 id=minimal-handshake><span class=secno>7.3.4.2.1 </span>Minimal handshake</h6><p class=note>This section describes the minimal requirements for
+ </ol><!-- v2: People often request the ability to send binary blobs over
+ this API; we should also look into allowing name/value pairs,
+ arrays, and numbers using postMessage() instead of just strings and
+ binary data. --><h5 id=server-side-requirements><span class=secno>7.3.5.3 </span>Server-side requirements</h5><p><em>This section only applies to servers.</em></p><!-- XXX that's not a defined conformance class --><h6 id=minimal-handshake><span class=secno>7.3.5.3.1 </span>Minimal handshake</h6><p class=note>This section describes the minimal requirements for
a server-side implementation of Web Sockets.<p>Listen on a port for TCP/IP. Upon receiving a connection request,
open a connection and send the following bytes back to the
client:<pre>48 54 54 50 2f 31 2e 31 20 31 30 31 20 57 65 62
@@ -36079,7 +36140,7 @@
<pre>WebSocket-Location: ws://example.com:80/demo</pre>
</div><p>Send another CRLF pair (0x0d 0x0a).<p>Read (and discard) data from the client until four bytes 0x0d
- 0x0a 0x0d 0x0a are read.<p>If the connection isn't dropped at this point, go to the <a href=#ws-sd-framing>data framing</a> section.<h6 id=handshake-details><span class=secno>7.3.4.2.2 </span>Handshake details</h6><p>The previous section ignores the data that is transmitted by the
+ 0x0a 0x0d 0x0a are read.<p>If the connection isn't dropped at this point, go to the <a href=#ws-sd-framing>data framing</a> section.<h6 id=handshake-details><span class=secno>7.3.5.3.2 </span>Handshake details</h6><p>The previous section ignores the data that is transmitted by the
client during the handshake.<p>The data sent by the client consists of a number of fields
separated by CR LF pairs (bytes 0x0d 0x0a).<p>The first field consists of three tokens separated by space
characters (byte 0x20). The middle token is the path being
@@ -36132,7 +36193,7 @@
</dd>
- </dl><h6 id=ws-sd-framing><span class=secno>7.3.4.2.3 </span>Data framing</h6><p class=note>This section only describes how to handle content
+ </dl><h6 id=ws-sd-framing><span class=secno>7.3.5.3.3 </span>Data framing</h6><p class=note>This section only describes how to handle content
that this specification allows user agents to send (text). It
doesn't handle any arbitrary content in the same way that the
requirements on user agents defined earlier handle any content
@@ -36144,7 +36205,7 @@
<li><p>Let <var title="">raw data</var> be an empty byte
array.</li>
- <li id=ws-sd-data><p><em>Data</em>: Read a byte, let <var title="">b</var> be that byte.</li>
+ <li id=ws-sd-data><p><i>Data</i>: Read a byte, let <var title="">b</var> be that byte.</li>
<li><p>If <var title="">b</var> is not 0xff, then append <var title="">b</var> to <var title="">raw data</var> and return to the
previous step (labeled <a href=#ws-sd-data><i>data</i></a>).</li>
@@ -36165,18 +36226,13 @@
<li><p>Send a 0xff byte to the client to indicate the end of the
message.</li>
- </ol><h5 id=closing-the-connection><span class=secno>7.3.4.3 </span>Closing the connection</h5><p>To <dfn id=close-the-web-socket-connection>close the Web Socket connection</dfn>, either the user
+ </ol><h5 id=closing-the-connection><span class=secno>7.3.5.4 </span>Closing the connection</h5><p>To <dfn id=close-the-web-socket-connection>close the Web Socket connection</dfn>, either the user
agent or the server closes the TCP/IP connection. There is no
closing handshake. Whether the user agent or the server closes the
connection, it is said that the <dfn id=web-socket-connection-is-closed>Web Socket connection is
closed</dfn>.<p>Servers may <a href=#close-the-web-socket-connection>close the Web Socket connection</a> whenever
desired.<p>User agents should not <a href=#close-the-web-socket-connection>close the Web Socket
- connection</a> arbitrarily.<p id=closeWebSocket>When the <a href=#web-socket-connection-is-closed>Web Socket connection is
- closed</a>, the <code title=dom-WebSocket-readyState><a href=#dom-websocket-readystate>readyState</a></code> attribute's value
- must be changed to <code title=dom-WebSocket-CLOSED><a href=#dom-websocket-closed>CLOSED</a></code>
- (2), and the user agent must <a href=#queue-a-task>queue a task</a> to <a href=#fire-a-simple-event>fire
- a simple event</a> named <code title=event-WebSocket-close><a href=#event-websocket-close>close</a></code> at the
- <code><a href=#websocket>WebSocket</a></code> object.<h3 id=crossDocumentMessages><span class=secno>7.4 </span><dfn>Cross-document messaging</dfn></h3><p>Web browsers, for security and privacy reasons, prevent documents
+ connection</a> arbitrarily.<h5 id=security-considerations><span class=secno>7.3.5.5 </span>Security considerations</h5><p class=XXX>...<h3 id=crossDocumentMessages><span class=secno>7.4 </span><dfn>Cross-document messaging</dfn></h3><p>Web browsers, for security and privacy reasons, prevent documents
in different domains from affecting each other; that is, cross-site
scripting is disallowed.<p>While this is an important security feature, it prevents pages
from different domains from communicating even when those pages are
@@ -36184,7 +36240,7 @@
documents to communicate with each other regardless of their source
domain, in a way designed to not enable cross-site scripting
attacks.<p>The <a href=#task-source>task source</a> for the <a href=#concept-task title=concept-task>tasks</a> in <a href=#crossDocumentMessages>cross-document
- messaging</a> is the <dfn id=posted-message-task-source>posted message task source</dfn>.<h4 id=introduction-5><span class=secno>7.4.1 </span>Introduction</h4><p><em>This section is non-normative.</em><div class=example>
+ messaging</a> is the <dfn id=posted-message-task-source>posted message task source</dfn>.<h4 id=introduction-6><span class=secno>7.4.1 </span>Introduction</h4><p><em>This section is non-normative.</em><div class=example>
<p>For example, if document A contains an <code><a href=#the-iframe-element>iframe</a></code>
element that contains document B, and script in document A calls
@@ -36404,7 +36460,7 @@
previous section.</p><!-- XXX merge this section and the previous section when
implementations have shipped postMessage(). Anne asked that these
sections be kept separate so that implementors can avoid getting
- confused with the 'port' step. --><h3 id=channel-messaging><span class=secno>7.5 </span><dfn>Channel messaging</dfn></h3><h4 id=introduction-6><span class=secno>7.5.1 </span>Introduction</h4><p><em>This section is non-normative.</em><p class=XXX>An introduction to the channel and port
+ confused with the 'port' step. --><h3 id=channel-messaging><span class=secno>7.5 </span><dfn>Channel messaging</dfn></h3><h4 id=introduction-7><span class=secno>7.5.1 </span>Introduction</h4><p><em>This section is non-normative.</em><p class=XXX>An introduction to the channel and port
APIs.<h4 id=message-channels><span class=secno>7.5.2 </span>Message channels</h4><pre class=idl>[<a href=#dom-messagechannel title=dom-MessageChannel>Constructor</a>]
interface <dfn id=messagechannel>MessageChannel</dfn> {
readonly attribute <a href=#messageport>MessagePort</a> <a href=#dom-channel-port1 title=dom-channel-port1>port1</a>;
Received on Thursday, 8 January 2009 23:46:37 UTC