[whatwg] XMLHttpRequest and HTML5

Anne van Kesteren annevk at opera.com
Sat Aug 7 00:13:41 PDT 2010

Ian, if you could tackle the following soonish that would be nice as I try  
to get the test suite for XMLHttpRequest together.

1) document.location returns null when there is no browsing context for  
the Document. document.defaultView needs this too. (It returns null in the  
implementations I tested.)

2) Is there any reason we cannot also use this "no browsing context"  
clause to define document.cookie rather than having a special type of  
Document object? Seems much better.

3) And document.domain too, maybe? (There is a difference here currently  
which is that document.domain just special cases XMLHttpRequest whereas  
the cookie-free Document object concept also applies to createDocument().  
I suspect document.domain should have the same restrictions, but I am not  
sure. It would be nice however if document.domain did not have to  
reference XMLHttpRequest.)

4) I could not test Internet Explorer but so far only WebKit exposes  
document.domain in XMLHttpRequest and it does not throw on getting and on  
setting it throws a SECURITY_ERR (not INVALID_STATE_ERR). If we align with  
document.cookie as suggested above maybe this should align too and getting  
should return the empty string and setting should be ignored.

5) I think we want to ban document.lastModified too. At least for  
cross-origin requests and the way we did it elsewhere was to then ban it  
for same-origin as well. (The HTTP header can be read instead. It also  
does not seem like a huge loss.)

6) If you provide some hook or tell me how to do it I can define the  
origin of the Document returned by responseXML in XMLHttpRequest.

If we can do all this that should turn it into a one-way dependency with  
most definitions being completely self-contained.


Anne van Kesteren

More information about the whatwg mailing list