[whatwg] XMLHttpRequest and HTML5
Ian Hickson
ian at hixie.ch
Mon Aug 30 16:58:52 PDT 2010
On Sat, 7 Aug 2010, Anne van Kesteren wrote:
>
> 1) document.location returns null when there is no browsing context for
> the Document. document.defaultView needs this too. (It returns null in
> the implementations I tested.)
Done.
> 2) Is there any reason we cannot also use this "no browsing context"
> clause to define document.cookie rather than having a special type of
> Document object? Seems much better.
Since the spec is already written... I can see cases where you could have
a Document that had no browsing context but did have cookies. So...
> 3) And document.domain too, maybe? (There is a difference here currently
> which is that document.domain just special cases XMLHttpRequest whereas
> the cookie-free Document object concept also applies to
> createDocument(). I suspect document.domain should have the same
> restrictions, but I am not sure. It would be nice however if
> document.domain did not have to reference XMLHttpRequest.)
Done.
> 4) I could not test Internet Explorer but so far only WebKit exposes
> document.domain in XMLHttpRequest and it does not throw on getting and
> on setting it throws a SECURITY_ERR (not INVALID_STATE_ERR). If we align
> with document.cookie as suggested above maybe this should align too and
> getting should return the empty string and setting should be ignored.
Done.
> 5) I think we want to ban document.lastModified too. At least for
> cross-origin requests and the way we did it elsewhere was to then ban it
> for same-origin as well. (The HTTP header can be read instead. It also
> does not seem like a huge loss.)
What's wrong with exposing document.lastModified?
> 6) If you provide some hook or tell me how to do it I can define the
> origin of the Document returned by responseXML in XMLHttpRequest.
HTML already defines this. Or do you mean we should move that to the XHR
spec?
> If we can do all this that should turn it into a one-way dependency with
> most definitions being completely self-contained.
I'm not sure it's worth it in the case of the origin thing.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list