Web sockets partitioning

This page tests whether a browsers' web-sockets pool is vulnerable to a "pool-party" attack, where sites can use the limited-but-unpartitioned resource pool of web-sockets to communicate across sites.

This test doesn't try and detect cross-site communication directly, only that the current page cannot create as many web-sockets as the browser generally allows (and so, that the resource pool is being correctly partitioned).

The test is successful if the browser is only able to create 10 connections at a time, and can correctly communicate over them, The test fails if the browser cannot create any connections, or can create more than 10 connections. The test should succeed when run on this site and the other version other version of the test site.

In other words, the below test should do all of the following

  • Create 10 connections
  • Each connect is receiving the same messages
  • The table shows an error in the 11th row.
# Created at Last message