Anne van Kesteren

Disabling the WebSocket protocol

Adam Barth reported on vulnerabilities with the current WebSocket protocol handshake. Reportedly you can poison the cache of transparent/intercepting proxies affecting all users of that proxy. So rather than e.g. you would get a JavaScript file from an attacker. This attack affects Flash and Java as well, but we have higher standards for browsers.

This means that until the new WebSocket protocol handshake is sorted out by the IETF it will be behind a preference in Opera. (The same is true for Firefox.)