Are JavaScript websockets secure or not?
Notice: this page is a Chinese-English side-by-side translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. If you use or share it you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original: http://stackoverflow.com/questions/11132897/
Are websockets secure or not?
Asked by cc young
Wikipedia appears to infer websockets are secure:
For web browser support, a secure version of the WebSocket protocol is implemented in Firefox 6 (named MozWebSocket),[2] Google Chrome 14[3] and Internet Explorer 10 developer preview. ... Although there are no known exploits, it was disabled in Firefox 4 and 5...
but W3 states they are insecure:
Following HTTP procedures here could introduce serious security problems in a Web browser context. For example, consider a host with a WebSocket server at one path and an open HTTP redirector at another. Suddenly, any script that can be given a particular WebSocket URL can be tricked into communicating to (and potentially sharing secrets with) any host on the Internet, even if the script checks that the URL has the right hostname.
1. are http websockets (ws:) secure or not?
2. are https websockets (wss:) secure or not?
3. if not #2, are there documented prophylactic measures?
Answered by kanaka
There are a lot of different aspects to WebSocket security.
The snippet from Wikipedia that you quoted is referring to the masking of WebSocket client to server data. This is to protect misbehaving intermediaries (e.g. proxies and caches) from accidentally interpreting WebSocket traffic as normal HTTP traffic. The danger here is that the WebSockets protocol could be used to poison the caching intermediary. However, I should note that this was a purely theoretical concern, but it was enough of a concern that Mozilla and Opera were reluctant to ship the Hixie and early HyBi versions of the WebSocket protocol. So the IETF decided to add client to server masking of the data to address the concern.
As an aside, the IETF is responsible for the WebSocket protocol (IETF 6455) while the W3C is responsible for the HTML5 WebSocket API (the Javascript object, methods and events).
Another aspect to WebSocket security is cross-origin security. The second snippet you quoted from the W3C WebSocket API spec is related to cross-origin security. WebSockets support cross-origin connections (to a different host than the HTML page was served from). This warning is saying that if normal HTTP cross-origin procedures had been used for WebSockets, this would open up a huge security hole. However, the WebSocket procedure is different for exactly this reason. For one thing, the WebSocket handshake and response is designed so that WebSocket connections cannot be made to an HTTP server that does not support WebSocket connections: the server must sign/hash a key in a WebSocket specific way and return this in the handshake response. The second part is that the browser must send an Origin header as part of the handshake (this indicates where the HTML/Javascript was loaded from originally). This allows the server to choose which domains it will allow to originate WebSocket connections.
Finally, there are two WebSocket connection modes: unencrypted (ws://) and encrypted (wss://). The encrypted mode uses TLS/SSL encryption to encrypt all data sent to and from the server (including the initial handshake and response). This is the same encryption mechanism used for HTTPS connections (and uses the same encryption engine in the browser). This prevents third parties from snooping on the data being transferred.
There are really just two versions of the WebSocket protocol worth knowing about:
Hixie76: This version of the protocol added cross-origin security and header hashing/signing. However, due to the way the protocol is designed it is difficult to add support for it to existing web servers. This is the version currently supported in iOS (hopefully iOS 6 will finally update to IETF 6455).
IETF 6455: This is the version of the WebSocket protocol that was standardized by the IETF last November (Nov 2011). It was the culmination of work by the IETF HyBi working group (iterations of the protocol leading up to it were labelled HyBi XX). This is the version supported by current versions of Chrome and Firefox and also by IE 10 and soon Opera.
Answered by Denis Ibaev
Version hixie-76 of the WebSocket protocol is more secure than earlier versions, and version hybi-07 is even more secure. In the hixie-76 version, protection against fake requests was added. In the hybi-07 version, message masking was added.