[whatwg] XMLHttpRequest and HTML5

Ian Hickson ian at hixie.ch
Mon Aug 30 16:58:52 PDT 2010

On Sat, 7 Aug 2010, Anne van Kesteren wrote:
> 1) document.location returns null when there is no browsing context for 
> the Document. document.defaultView needs this too. (It returns null in 
> the implementations I tested.)


> 2) Is there any reason we cannot also use this "no browsing context" 
> clause to define document.cookie rather than having a special type of 
> Document object? Seems much better.

Since the spec is already written... I can see cases where you could have 
a Document that had no browsing context but did have cookies. So...

> 3) And document.domain too, maybe? (There is a difference here currently 
> which is that document.domain just special cases XMLHttpRequest whereas 
> the cookie-free Document object concept also applies to 
> createDocument(). I suspect document.domain should have the same 
> restrictions, but I am not sure. It would be nice however if 
> document.domain did not have to reference XMLHttpRequest.)


> 4) I could not test Internet Explorer but so far only WebKit exposes 
> document.domain in XMLHttpRequest and it does not throw on getting and 
> on setting it throws a SECURITY_ERR (not INVALID_STATE_ERR). If we align 
> with document.cookie as suggested above maybe this should align too and 
> getting should return the empty string and setting should be ignored.


> 5) I think we want to ban document.lastModified too. At least for 
> cross-origin requests and the way we did it elsewhere was to then ban it 
> for same-origin as well. (The HTTP header can be read instead. It also 
> does not seem like a huge loss.)

What's wrong with exposing document.lastModified?

> 6) If you provide some hook or tell me how to do it I can define the 
> origin of the Document returned by responseXML in XMLHttpRequest.

HTML already defines this. Or do you mean we should move that to the XHR 

> If we can do all this that should turn it into a one-way dependency with 
> most definitions being completely self-contained.

I'm not sure it's worth it in the case of the origin thing.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list