[whatwg] XMLHttpRequest and HTML5
Anne van Kesteren
annevk at opera.com
Sat Aug 7 00:13:41 PDT 2010
Ian, if you could tackle the following soonish that would be nice as I try
to get the test suite for XMLHttpRequest together.
1) document.location returns null when there is no browsing context for
the Document. document.defaultView needs this too. (It returns null in the
implementations I tested.)
2) Is there any reason we cannot also use this "no browsing context"
clause to define document.cookie rather than having a special type of
Document object? Seems much better.
3) And document.domain too, maybe? (There is a difference here currently
which is that document.domain just special cases XMLHttpRequest whereas
the cookie-free Document object concept also applies to createDocument().
I suspect document.domain should have the same restrictions, but I am not
sure. It would be nice however if document.domain did not have to
4) I could not test Internet Explorer but so far only WebKit exposes
document.domain in XMLHttpRequest and it does not throw on getting and on
setting it throws a SECURITY_ERR (not INVALID_STATE_ERR). If we align with
document.cookie as suggested above maybe this should align too and getting
should return the empty string and setting should be ignored.
5) I think we want to ban document.lastModified too. At least for
cross-origin requests and the way we did it elsewhere was to then ban it
for same-origin as well. (The HTTP header can be read instead. It also
does not seem like a huge loss.)
6) If you provide some hook or tell me how to do it I can define the
origin of the Document returned by responseXML in XMLHttpRequest.
If we can do all this that should turn it into a one-way dependency with
most definitions being completely self-contained.
Anne van Kesteren
More information about the whatwg