Annotation of 2006/webapi/XMLHttpRequest/Overview.html, revision 1.287

1.1       avankest    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
1.2       avankest    2: 
1.25      avankest    3: <html lang=en-US>
1.1       avankest    4:  <head>
1.209     avankest    5:   <title>XMLHttpRequest</title>
1.2       avankest    6: 
1.20      avankest    7:   <style type="text/css">
1.118     avankest    8:    pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
1.20      avankest    9:    pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
1.60      avankest   10:    pre code { color:inherit; background:transparent }
1.20      avankest   11:    div.example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
1.90      avankest   12:    .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
1.20      avankest   13:    p.note::before { content:"Note: " }
1.205     avankest   14:    .XXX { padding:.5em; border:solid #f00 }
                     15:    p.XXX::before { content:"Issue: " }
1.120     avankest   16:    dl.switch { padding-left:2em }
1.250     avankest   17:    dl.switch > dt { text-indent:-1.5em }
                     18:    dl.switch > dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
1.274     avankest   19:    dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; }
                     20:    dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; }
                     21:    dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; }
                     22:    dl.domintro dd p { margin: 0.5em 0; }
                     23:    dl.domintro:before { display: table; margin: -1em -0.5em -0.5em auto; width: auto; content: 'This box is non-normative. Implementation requirements are given below this box.'; color: red; border: solid 2px; background: white; padding: 0 0.25em; }
1.232     avankest   24:    em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
                     25:    dfn { font-weight:bold; font-style:normal }
                     26:    code { color:orangered }
                     27:    code :link, code :visited { color:inherit }
                     28:    hr:not(.top) { display:block; background:none; border:none; padding:0; margin:2em 0; height:auto }
                     29:    table { border-collapse:collapse; border-style:hidden hidden none hidden }
                     30:    table thead { border-bottom:solid }
                     31:    table tbody th:first-child { border-left:solid }
                     32:    table td, table th { border-left:solid; border-right:solid; border-bottom:solid thin; vertical-align:top; padding:0.2em }
                     33:   </style>
1.248     avankest   34:   <link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel=stylesheet>
1.2       avankest   35: 
1.1       avankest   36:  <body>
1.25      avankest   37:   <div class=head>
                     38:    <p><a href="http://www.w3.org/"><img alt=W3C height=48
                     39:     src="http://www.w3.org/Icons/w3c_home" width=72></a></p>
1.2       avankest   40: 
1.231     avankest   41:    <h1 class=head id=the-xmlhttprequest-object>XMLHttpRequest</h1>
1.2       avankest   42: 
1.287   ! avankest   43:    <h2 class="no-num no-toc" id=w3c-doctype>Editor's Draft 5 July 2010</h2>
1.2       avankest   44: 
1.1       avankest   45:    <dl>
1.154     avankest   46:     <dt>This Version:
1.2       avankest   47: 
                     48:     <dd><a
1.287   ! avankest   49:      href="http://www.w3.org/TR/2010/ED-XMLHttpRequest-20100705/">http://www.w3.org/TR/2010/ED-XMLHttpRequest-20100705/</a>
1.2       avankest   50: 
1.14      avankest   51:     <dt>Latest Version:
1.2       avankest   52: 
                     53:     <dd><a
                     54:      href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a>
                     55: 
1.190     avankest   56:     <dt>Latest Editor Version:
                     57: 
                     58:     <dd><a
                     59:      href="http://dev.w3.org/2006/webapi/XMLHttpRequest/">http://dev.w3.org/2006/webapi/XMLHttpRequest/</a>
                     60: 
1.14      avankest   61:     <dt>Previous Versions:
1.2       avankest   62: 
                     63:     <dd><a
1.233     avankest   64:      href="http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/">http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/</a>
                     65: 
                     66:     <dd><a
1.174     avankest   67:      href="http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/">http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/</a>
                     68: 
                     69:     <dd><a
1.155     avankest   70:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
                     71: 
                     72:     <dd><a
1.134     avankest   73:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
                     74: 
                     75:     <dd><a
1.60      avankest   76:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
                     77: 
                     78:     <dd><a
1.25      avankest   79:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
                     80: 
                     81:     <dd><a
1.2       avankest   82:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
                     83: 
                     84:     <dd><a
                     85:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
                     86: 
                     87:     <dt>Editor:
                     88: 
                     89:     <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a> (<a
                     90:      href="http://www.opera.com/">Opera Software ASA</a>) &lt;<a
                     91:      href="mailto:annevk@opera.com">annevk@opera.com</a>&gt;
1.1       avankest   92:    </dl>
1.2       avankest   93: 
1.25      avankest   94:    <p class=copyright><a
1.2       avankest   95:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
1.231     avankest   96:     &copy; 2009 <a href="http://www.w3.org/"><acronym title="World Wide Web
1.53      avankest   97:     Consortium">W3C</acronym></a><sup>&reg;</sup> (<a
                     98:     href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute
                     99:     of Technology">MIT</acronym></a>, <a
                    100:     href="http://www.ercim.org/"><acronym title="European Research Consortium
                    101:     for Informatics and Mathematics">ERCIM</acronym></a>, <a
1.2       avankest  102:     href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
                    103:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
                    104:     <a
                    105:     href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
                    106:     and <a
                    107:     href="http://www.w3.org/Consortium/Legal/copyright-documents">document
                    108:     use</a> rules apply.</p>
1.1       avankest  109:   </div>
1.2       avankest  110: 
                    111:   <hr>
                    112: 
1.25      avankest  113:   <h2 class="no-num no-toc" id=specabstract>Abstract</h2>
1.2       avankest  114: 
1.231     avankest  115:   <p>The XMLHttpRequest specification defines an API that provides scripted
                    116:    client functionality for transferring data between a client and a server.
1.25      avankest  117: 
                    118:   <h2 class="no-num no-toc" id=sotd>Status of this Document</h2>
1.2       avankest  119: 
                    120:   <p><em>This section describes the status of this document at the time of
                    121:    its publication. Other documents may supersede this document. A list of
                    122:    current W3C publications and the latest revision of this technical report
                    123:    can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
1.173     avankest  124:    index</a> at http://www.w3.org/TR/.</em>
1.2       avankest  125: 
1.287   ! avankest  126:   <p>This is the 5 July 2010 <!--Last Call Working Draft-->Editor's Draft of
1.270     avankest  127:    XMLHttpRequest. Please send comments to <a
1.250     avankest  128:    href="mailto:public-webapps@w3.org?subject=[XHR]%20">public-webapps@w3.org</a>
                    129:    (<a
1.209     avankest  130:    href="http://lists.w3.org/Archives/Public/public-webapps/">archived</a>)
1.250     avankest  131:    with <samp>[XHR]</samp> at the start of the subject line.
1.49      avankest  132: 
                    133:   <p>This document is produced by the <a
1.209     avankest  134:    href="http://www.w3.org/2008/webapps/">Web Applications</a> (WebApps)
1.250     avankest  135:    Working Group. The WebApps Working Group is part of the <a
1.209     avankest  136:    href="http://www.w3.org/2006/rwc/Activity">Rich Web Clients Activity</a>
                    137:    in the W3C <a href="http://www.w3.org/Interaction/">Interaction
1.250     avankest  138:    Domain</a>.
1.2       avankest  139: 
                    140:   <p>This document was produced by a group operating under the <a
                    141:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
1.54      avankest  142:    2004 W3C Patent Policy</a>. W3C maintains a <a
1.209     avankest  143:    href="http://www.w3.org/2004/01/pp-impl/42538/status"
1.25      avankest  144:    rel=disclosure>public list of any patent disclosures</a> made in
1.2       avankest  145:    connection with the deliverables of the group; that page also includes
                    146:    instructions for disclosing a patent. An individual who has actual
                    147:    knowledge of a patent which the individual believes contains <a
                    148:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
                    149:    Claim(s)</a> must disclose the information in accordance with <a
                    150:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
                    151:    6 of the W3C Patent Policy</a>.
                    152: 
1.250     avankest  153:   <p>Publication as a Working Draft does not imply endorsement by the W3C
                    154:    Membership. This is a draft document and may be updated, replaced or
                    155:    obsoleted by other documents at any time. It is inappropriate to cite this
                    156:    document as other than work in progress.
                    157: 
1.273     avankest  158:   <h3 class="no-num no-toc" id=crec>Candidate Recommendation Exit Criteria</h3>
                    159: 
                    160:   <p>To exit the Candidate Recommendation (CR) stage the following criteria
                    161:    <em class=ct>must</em> have been met:
                    162: 
                    163:   <ol>
                    164:    <li>There will be at least two interoperable implementations passing all
                    165:     test cases in the test suite for this specification. An implementation is
                    166:     to be available (i.e. for download), shipping (i.e. not private), and not
                    167:     experimental (i.e. intended for a wide audience). The working group will
                    168:     decide when the test suite is of sufficient quality to test
                    169:     interoperability.
                    170: 
                    171:    <li>A minimum of six months of the CR stage will have elapsed. This is to
                    172:     ensure that enough time is given for any remaining major errors to be
                    173:     caught. The CR period will be extended if implementations are slow to
                    174:     appear.
1.287   ! avankest  175: 
        !           176:    <li>A document exists that explains the security considerations for this
        !           177:     specification. This may be done in a generic manner as they are most
        !           178:     likely applicable to various APIs. The working group will decide whether
        !           179:     the document is of sufficient quality.
1.273     avankest  180:   </ol>
                    181: 
                    182:   <p>An update to this draft will point to the test suite.
                    183: 
1.25      avankest  184:   <h2 class="no-num no-toc" id=toc>Table of Contents</h2>
1.2       avankest  185:   <!--begin-toc-->
                    186: 
1.25      avankest  187:   <ul class=toc>
1.248     avankest  188:    <li><a href="#introduction"><span class=secno>1. </span>Introduction</a>
1.154     avankest  189: 
1.250     avankest  190:    <li><a href="#conformance"><span class=secno>2. </span>Conformance
                    191:     Criteria</a>
1.25      avankest  192:     <ul class=toc>
1.248     avankest  193:      <li><a href="#dependencies"><span class=secno>2.1.
1.154     avankest  194:       </span>Dependencies</a>
1.2       avankest  195: 
1.248     avankest  196:      <li><a href="#terminology"><span class=secno>2.2. </span>Terminology</a>
                    197:       
1.81      avankest  198: 
1.248     avankest  199:      <li><a href="#extensibility"><span class=secno>2.3.
1.154     avankest  200:       </span>Extensibility</a>
                    201:     </ul>
1.81      avankest  202: 
1.250     avankest  203:    <li><a href="#the-xmlhttprequest-interface"><span class=secno>3.
1.248     avankest  204:     </span>The <code title="">XMLHttpRequest</code> Interface</a>
1.25      avankest  205:     <ul class=toc>
1.250     avankest  206:      <li><a href="#origin-and-base-url"><span class=secno>3.1. </span>Origin
1.205     avankest  207:       and Base URL</a>
1.33      avankest  208: 
1.250     avankest  209:      <li><a href="#task-sources"><span class=secno>3.2. </span>Task
1.205     avankest  210:       Sources</a>
                    211: 
1.250     avankest  212:      <li><a href="#constructors"><span class=secno>3.3.
1.213     avankest  213:       </span>Constructors</a>
1.205     avankest  214: 
1.250     avankest  215:      <li><a href="#event-handler-attributes"><span class=secno>3.4.
1.207     avankest  216:       </span>Event Handler Attributes</a>
1.205     avankest  217: 
1.250     avankest  218:      <li><a href="#states"><span class=secno>3.5. </span>States</a>
1.205     avankest  219: 
1.250     avankest  220:      <li><a href="#request"><span class=secno>3.6. </span>Request</a>
1.205     avankest  221:       <ul class=toc>
1.250     avankest  222:        <li><a href="#the-open-method"><span class=secno>3.6.1. </span>The
1.205     avankest  223:         <code title="">open()</code> method</a>
                    224: 
1.250     avankest  225:        <li><a href="#the-setrequestheader-method"><span class=secno>3.6.2.
1.205     avankest  226:         </span>The <code title="">setRequestHeader()</code> method</a>
                    227: 
1.250     avankest  228:        <li><a href="#the-send-method"><span class=secno>3.6.3. </span>The
1.205     avankest  229:         <code title="">send()</code> method</a>
                    230: 
1.214     avankest  231:        <li><a href="#infrastructure-for-the-send-method"><span
1.250     avankest  232:         class=secno>3.6.4. </span>Infrastructure for the <code
1.214     avankest  233:         title="">send()</code> method</a>
                    234: 
1.250     avankest  235:        <li><a href="#the-abort-method"><span class=secno>3.6.5. </span>The
1.205     avankest  236:         <code title="">abort()</code> method</a>
                    237:       </ul>
                    238: 
1.250     avankest  239:      <li><a href="#response"><span class=secno>3.7. </span>Response</a>
1.205     avankest  240:       <ul class=toc>
1.250     avankest  241:        <li><a href="#the-status-attribute"><span class=secno>3.7.1.
1.248     avankest  242:         </span>The <code title="">status</code> attribute</a>
1.205     avankest  243: 
1.250     avankest  244:        <li><a href="#the-statustext-attribute"><span class=secno>3.7.2.
1.205     avankest  245:         </span>The <code title="">statusText</code> attribute</a>
                    246: 
1.250     avankest  247:        <li><a href="#the-getresponseheader-method"><span class=secno>3.7.3.
1.205     avankest  248:         </span>The <code title="">getResponseHeader()</code> method</a>
                    249: 
                    250:        <li><a href="#the-getallresponseheaders-method"><span
1.250     avankest  251:         class=secno>3.7.4. </span>The <code
1.205     avankest  252:         title="">getAllResponseHeaders()</code> method</a>
                    253: 
1.250     avankest  254:        <li><a href="#response-entity-body0"><span class=secno>3.7.5.
1.205     avankest  255:         </span>Response Entity Body</a>
                    256: 
1.250     avankest  257:        <li><a href="#the-responsetext-attribute"><span class=secno>3.7.6.
1.205     avankest  258:         </span>The <code title="">responseText</code> attribute</a>
                    259: 
1.250     avankest  260:        <li><a href="#the-responsexml-attribute"><span class=secno>3.7.7.
1.205     avankest  261:         </span>The <code title="">responseXML</code> attribute</a>
                    262:       </ul>
1.242     avankest  263:     </ul>
1.205     avankest  264: 
1.250     avankest  265:    <li><a href="#exceptions"><span class=secno>4. </span>Exceptions</a>
1.2       avankest  266: 
1.250     avankest  267:    <li class=no-num><a href="#references">References</a>
1.2       avankest  268: 
1.131     avankest  269:    <li class=no-num><a href="#acknowledgments">Acknowledgments</a>
1.2       avankest  270:   </ul>
                    271:   <!--end-toc-->
                    272: 
1.248     avankest  273:   <h2 id=introduction><span class=secno>1. </span>Introduction</h2>
1.2       avankest  274: 
                    275:   <p><em>This section is non-normative.</em>
                    276: 
1.270     avankest  277:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  278:    implements an interface exposed by a scripting engine that allows scripts
                    279:    to perform HTTP client functionality, such as submitting form data or
                    280:    loading data from a server. It is the ECMAScript HTTP API.
1.2       avankest  281: 
1.270     avankest  282:   <p>The name of the object is <a
                    283:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> for compatibility
                    284:    with the Web, though each component of this name is potentially
                    285:    misleading. First, the object supports any text based format, including
                    286:    XML. Second, it can be used to make requests over both HTTP and HTTPS
                    287:    (some implementations support protocols in addition to HTTP and HTTPS, but
                    288:    that functionality is not covered by this specification). Finally, it
                    289:    supports "requests" in a broad sense of the term as it pertains to HTTP;
                    290:    namely all activity involved with HTTP requests or responses for the
                    291:    defined HTTP methods.
1.2       avankest  292: 
1.25      avankest  293:   <div class=example>
1.18      avankest  294:    <p>Some simple code to do something with data from an XML document fetched
                    295:     over the network:</p>
                    296: 
1.60      avankest  297:    <pre><code>function test(data) {
1.18      avankest  298:  // taking care of data
                    299: }
                    300: 
                    301: function handler() {
1.118     avankest  302:  if(this.readyState == 4 &amp;&amp; this.status == 200) {
1.18      avankest  303:   // so far so good
1.118     avankest  304:   if(this.responseXML != null &amp;&amp; this.responseXML.getElementById('test').firstChild.data)
                    305:      // success!
1.18      avankest  306:    test(this.responseXML.getElementById('test').firstChild.data);
                    307:   else
                    308:    test(null);
1.118     avankest  309:  } else if (this.readyState == 4 &amp;&amp; this.status != 200) {
1.18      avankest  310:   // fetched the wrong page or network error...
                    311:   test(null);
                    312:  }
                    313: }
                    314: 
                    315: var client = new XMLHttpRequest();
                    316: client.onreadystatechange = handler;
1.252     avankest  317: client.open("GET", "unicorn.xml");
1.60      avankest  318: client.send();</code></pre>
1.18      avankest  319: 
1.58      avankest  320:    <p>If you just want to log a message to the server:</p>
1.18      avankest  321: 
1.60      avankest  322:    <pre><code>function log(message) {
1.18      avankest  323:  var client = new XMLHttpRequest();
1.58      avankest  324:  client.open("POST", "/log");
1.59      avankest  325:  client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
1.18      avankest  326:  client.send(message);
1.60      avankest  327: }</code></pre>
1.18      avankest  328: 
                    329:    <p>Or if you want to check the status of a document on the server:</p>
                    330: 
1.60      avankest  331:    <pre><code>function fetchStatus(address) {
1.18      avankest  332:  var client = new XMLHttpRequest();
                    333:  client.onreadystatechange = function() {
                    334:   // in case of network errors this might not give reliable results
                    335:   if(this.readyState == 4)
                    336:    returnStatus(this.status);
                    337:  }
                    338:  client.open("HEAD", address);
                    339:  client.send();
1.60      avankest  340: }</code></pre>
1.18      avankest  341:   </div>
1.2       avankest  342: 
1.250     avankest  343:   <h2 id=conformance><span class=secno>2. </span>Conformance Criteria</h2>
1.2       avankest  344: 
1.29      avankest  345:   <p>Everything in this specification is normative except for diagrams,
1.2       avankest  346:    examples, notes and sections marked non-normative.
                    347: 
1.25      avankest  348:   <p>The key words <em class=ct>must</em>, <em class=ct>must not</em>, <em
1.261     avankest  349:    class=ct>should</em>, <em class=ct>should not</em>, and <em
                    350:    class=ct>may</em> in this document are to be interpreted as described in
                    351:    RFC 2119. [<cite><a href="#ref-rfc2119">RFC2119</a></cite>]
1.2       avankest  352: 
                    353:   <p>This specification defines the following classes of products:
                    354: 
                    355:   <dl>
1.75      avankest  356:    <dt><dfn id=conforming-user-agent>Conforming user agent</dfn>
1.2       avankest  357: 
1.75      avankest  358:    <dd>
                    359:     <p>A user agent <em class=ct>must</em> behave as described in this
1.107     avankest  360:      specification in order to be considered conformant.</p>
1.75      avankest  361: 
1.226     avankest  362:     <p>If the user agent is not a <a
1.250     avankest  363:      href="#conforming-xml-user-agent">conforming XML user agent</a> the
                    364:      <span>XML response entity body</span> <em class=ct>must</em> (always) be
                    365:      null.</p>
1.141     avankest  366: 
                    367:     <p>User agents <em class=ct>may</em> implement algorithms given in this
                    368:      specification in any way desired, so long as the end result is
                    369:      indistinguishable from the result that would be obtained by the
                    370:      specification's algorithms.</p>
1.2       avankest  371: 
1.96      avankest  372:     <p class=note>This specification uses both the terms "conforming user
                    373:      agent(s)" and "user agent(s)" to refer to this product class.</p>
                    374: 
1.95      avankest  375:    <dt><dfn id=conforming-xml-user-agent>Conforming XML user agent</dfn>
                    376: 
                    377:    <dd>
1.164     avankest  378:     <p>An XML user agent <em class=ct>must</em> be a <a
                    379:      href="#conforming-user-agent">conforming user agent</a> and <em
                    380:      class=ct>must</em> be a conforming XML processor that reports violations
                    381:      of namespace well-formedness. [<cite><a href="#ref-xml">XML</a></cite>]
1.2       avankest  382:   </dl>
                    383: 
1.248     avankest  384:   <h3 id=dependencies><span class=secno>2.1. </span>Dependencies</h3>
1.2       avankest  385: 
1.31      avankest  386:   <p>This specification relies on several underlying specifications.
1.2       avankest  387: 
1.31      avankest  388:   <dl>
                    389:    <dt>DOM
1.2       avankest  390: 
1.31      avankest  391:    <dd>
1.127     avankest  392:     <p>A <a href="#conforming-user-agent" title="conforming user
1.177     avankest  393:      agent">conforming user agent</a> <em class=ct>must</em> support at least
                    394:      the subset of the functionality defined in DOM Events and DOM Core that
1.183     avankest  395:      this specification relies upon, such as various exceptions and
                    396:      <code>EventTarget</code>. [<cite><a
1.156     avankest  397:      href="#ref-dom2events">DOM2Events</a></cite>] [<cite><a
                    398:      href="#ref-dom3core">DOM3Core</a></cite>]
1.2       avankest  399: 
1.252     avankest  400:    <dt>HTML5
1.162     avankest  401: 
                    402:    <dd>
1.183     avankest  403:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
1.190     avankest  404:      class=ct>must</em> support at least the subset of the functionality
1.252     avankest  405:      defined in HTML5 that this specification relies upon, such as the basics
                    406:      of the <code>Window</code> object and serializing a
1.198     avankest  407:      <code>Document</code> object. [<cite><a
                    408:      href="#ref-html5">HTML5</a></cite>]</p>
1.190     avankest  409: 
1.162     avankest  410:     <p class=note>The <a
                    411:      href="http://www.w3.org/TR/2006/WD-Window-20060407/">Window Object
                    412:      1.0</a> draft is not referenced normatively as it appears to be no
1.252     avankest  413:      longer maintained and HTML5 defines the <code>Window</code> object in
                    414:      more detail. This specification already depends on HTML5 for other
                    415:      reasons so there is not much additional overhead because of this.</p>
1.162     avankest  416: 
1.31      avankest  417:    <dt>HTTP
1.11      avankest  418: 
1.31      avankest  419:    <dd>
1.250     avankest  420:     <p>A <a href="#conforming-user-agent" title="conforming user
                    421:      agent">conforming user agent</a> <em class=ct>must</em> support some
                    422:      version of the HTTP protocol. Requirements regarding HTTP are made
                    423:      throughout the specification. [<cite><a
                    424:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.182     avankest  425: 
                    426:    <dt>Web IDL
                    427: 
1.250     avankest  428:    <dd>
                    429:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    430:      class=ct>must</em> also be a conforming implementation of the IDL
                    431:      fragments in this specification, as described in the Web IDL
                    432:      specification. [<cite><a href="#ref-webidl">WebIDL</a></cite>]
1.31      avankest  433:   </dl>
1.2       avankest  434: 
1.248     avankest  435:   <h3 id=terminology><span class=secno>2.2. </span>Terminology</h3>
1.211     avankest  436: 
1.286     avankest  437:   <p><dfn id=dfn-obtain-unicode>Convert a DOMString to a sequence of Unicode
1.235     avankest  438:    characters</dfn> is defined by the Web IDL specification. [<cite><a
                    439:    href="#ref-webidl">WebIDL</a></cite>]
                    440: 
1.271     avankest  441:   <p>The term <dfn id=user-credentials>user credentials</dfn> for the
                    442:    purposes of this specification means cookies, HTTP authentication, and
                    443:    client-side SSL certificates. Specifically it does not refer to proxy
                    444:    authentication or the <code title=http-origin>Origin</code> header. <a
                    445:    href="#ref-cookies">[COOKIES]</a> <!-- XXX ref? -->
                    446: 
1.259     avankest  447:   <p>The terms and algorithms <dfn
                    448:    id=url-fragment><code>&lt;fragment></code></dfn>, <dfn
                    449:    id=url-scheme><code>&lt;scheme></code></dfn>, <dfn
1.268     avankest  450:    id=cookie-free-document-object>cookie-free <code>Document</code>
                    451:    object</dfn>, <dfn id=document-base-url>document base URL</dfn>, <dfn
1.259     avankest  452:    id=document-character-encoding>document's character encoding</dfn>, <dfn
                    453:    id=event-handler-attributes-0>event handler attributes</dfn>, <dfn
                    454:    id=event-handler-event-type>event handler event type</dfn>, <dfn
1.262     avankest  455:    id=fetch>fetch</dfn>, <dfn id=fully-active>fully active</dfn>, <dfn
1.227     avankest  456:    id=function><code>Function</code></dfn>, <dfn id=dom-innerhtml
                    457:    title=dom-innerHTML><code>innerHTML</code></dfn>, <dfn
1.234     avankest  458:    id=origin>origin</dfn>, <dfn id=preferred-mime-name>preferred MIME
                    459:    name</dfn>, <dfn id=resolve-a-url>resolve a URL</dfn>, <dfn
1.227     avankest  460:    id=same-origin>same origin</dfn>, <dfn id=storage-mutex>storage
                    461:    mutex</dfn>, <dfn id=task>task</dfn>, <dfn id=task-source>task
1.254     avankest  462:    source</dfn>, <dfn id=task-queues>task queues</dfn>, <dfn
                    463:    id=url>URL</dfn>, <dfn id=url-character-encoding>URL character
                    464:    encoding</dfn>, <dfn id=queue-a-task>queue a task</dfn>, and <dfn
                    465:    id=valid-mime-type>valid MIME type</dfn> are defined by the HTML5
1.252     avankest  466:    specification. [<cite><a href="#ref-html5">HTML5</a></cite>]
1.205     avankest  467: 
                    468:   <p>The term <dfn id=entity-body>entity body</dfn> is used as described in
                    469:    RFC 2616. <dfn id=method-token>Method token</dfn> is used as described in
                    470:    section 5.1.1 of RFC 2616. <dfn
                    471:    id=field-name><code>field-name</code></dfn> and <dfn
                    472:    id=field-value><code>field-value</code></dfn> are used as described in
1.250     avankest  473:    section 4.2 of RFC 2616. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest  474: 
1.260     avankest  475:   <p>To <dfn id=deflate-a-domstring-into-a-byte-sequence>deflate a DOMString
                    476:    into a byte sequence</dfn> means to create a sequence of bytes such that
                    477:    the <var title="">n</var>th byte of the sequence is equal to the low-order
                    478:    byte of the <var title="">n</var>th code point in the original DOMString.
                    479: 
                    480:   <p>To <dfn id=inflate-a-byte-sequence-into-a-domstring>inflate a byte
                    481:    sequence into a DOMString</dfn> means to create a DOMString such that the
                    482:    <var title="">n</var>th code point has 0x00 as the high-order byte and the
                    483:    <var title="">n</var>th byte of the byte sequence as the low-order byte.
1.258     avankest  484: 
1.205     avankest  485:   <p><dfn id=userinfo><code>userinfo</code></dfn> is used as described in
                    486:    section 3.2.1 of RFC 3986. [<cite><a
                    487:    href="#ref-rfc3986">RFC3986</a></cite>]
                    488: 
                    489:   <p>To <dfn id=dispatch-readystatechange-event>dispatch a
                    490:    <code>readystatechange</code> event</dfn> means that an event with the
1.278     avankest  491:    name <code title=event-xhr-readystatechange>readystatechange</code>, which
                    492:    does not bubble and is not cancelable, and which uses the
                    493:    <code>Event</code> interface, is to be dispatched at the <a
1.270     avankest  494:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.156     avankest  495: 
1.248     avankest  496:   <h3 id=extensibility><span class=secno>2.3. </span>Extensibility</h3>
1.2       avankest  497: 
1.252     avankest  498:   <p>User agents, Working Groups, and other interested parties are
                    499:    <em>strongly encouraged</em> to discuss extensions on a relevant public
                    500:    forum, preferably <a
                    501:    href="mailto:public-webapps@w3.org">public-webapps@w3.org</a>. If this is
                    502:    for some reason not possible prefix the extension in some way and start
                    503:    the prefix with an uppercase letter. E.g. if company Foo wants to add a
                    504:    private method <code>bar()</code> it could be named <code>FooBar()</code>
                    505:    to prevent clashes with a potential future standardized
                    506:    <code>bar()</code>.
1.2       avankest  507: 
1.250     avankest  508:   <h2 id=the-xmlhttprequest-interface><span class=secno>3. </span>The <code
1.225     avankest  509:    title="">XMLHttpRequest</code> Interface</h2>
1.2       avankest  510: 
1.270     avankest  511:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.225     avankest  512:    be used by scripts to programmatically connect to their originating server
                    513:    via HTTP.
1.2       avankest  514: 
1.230     avankest  515:   <pre class=idl>[NoInterfaceObject]
                    516: interface <dfn id=xmlhttprequesteventtarget>XMLHttpRequestEventTarget</dfn> : EventTarget {
                    517:   // for future use
                    518: };
                    519: 
1.242     avankest  520: [<a href="#dom-xmlhttprequest" title=dom-XMLHttpRequest>Constructor</a>]
1.230     avankest  521: interface <dfn id=xmlhttprequest>XMLHttpRequest</dfn> : <a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a> {
1.208     avankest  522:   // <a href="#event-handler-attributes">event handler attributes</a>
1.278     avankest  523:            attribute <a href="#function">Function</a> <a href="#handler-xhr-onreadystatechange" title=handler-xhr-onreadystatechange>onreadystatechange</a>;
1.60      avankest  524: 
1.208     avankest  525:   // <a href="#states">states</a>
1.277     avankest  526:   const unsigned short <a href="#dom-xmlhttprequest-unsent" title=dom-XMLHttpRequest-UNSENT>UNSENT</a> = 0;
                    527:   const unsigned short <a href="#dom-xmlhttprequest-opened" title=dom-XMLHttpRequest-OPENED>OPENED</a> = 1;
                    528:   const unsigned short <a href="#dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a> = 2;
                    529:   const unsigned short <a href="#dom-xmlhttprequest-loading" title=dom-XMLHttpRequest-LOADING>LOADING</a> = 3;
                    530:   const unsigned short <a href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a> = 4;
1.282     avankest  531:   readonly attribute unsigned short <a href="#dom-xmlhttprequest-readystate" title=dom-XMLHttpRequest-readyState>readyState</a>;
1.60      avankest  532: 
1.207     avankest  533:   // <a href="#request">request</a>
1.279     avankest  534:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>);
                    535:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>);
                    536:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>);
                    537:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>, DOMString? <var>password</var>);
1.284     avankest  538:   void <a href="#dom-xmlhttprequest-setrequestheader" title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader</a>(DOMString <var>header</var>, DOMString <var>value</var>);
1.276     avankest  539:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>();
                    540:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>(Document <var>data</var>);
                    541:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>([AllowAny] DOMString? <var>data</var>);
1.280     avankest  542:   void <a href="#dom-xmlhttprequest-abort" title=dom-XMLHttpRequest-abort>abort</a>();
1.60      avankest  543: 
1.207     avankest  544:   // <a href="#response">response</a>
1.281     avankest  545:   readonly attribute unsigned short <a href="#dom-xmlhttprequest-status" title=dom-XMLHttpRequest-status>status</a>;
                    546:   readonly attribute DOMString <a href="#dom-xmlhttprequest-statustext" title=dom-XMLHttpRequest-statusText>statusText</a>;
1.283     avankest  547:   DOMString <a href="#dom-xmlhttprequest-getresponseheader" title=dom-XMLHttpRequest-getResponseHeader>getResponseHeader</a>(DOMString <var>header</var>);
                    548:   DOMString <span title=dom-XMLHttpRequest-getAllResponseHeaders>getAllResponseHeaders</span>();
1.281     avankest  549:   readonly attribute DOMString <a href="#dom-xmlhttprequest-responsetext" title=dom-XMLHttpRequest-responseText>responseText</a>;
                    550:   readonly attribute Document <a href="#dom-xmlhttprequest-responsexml" title=dom-XMLHttpRequest-responseXML>responseXML</a>;
1.230     avankest  551: };</pre>
1.2       avankest  552: 
1.250     avankest  553:   <h3 id=origin-and-base-url><span class=secno>3.1. </span>Origin and Base
1.248     avankest  554:    URL</h3>
1.205     avankest  555: 
1.270     avankest  556:   <p>Each <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  557:    has an associated <dfn
1.205     avankest  558:    id=xmlhttprequest-origin><code>XMLHttpRequest</code> origin</dfn> and an
                    559:    <dfn id=xmlhttprequest-base-url><code>XMLHttpRequest</code> base
                    560:    URL</dfn>.
                    561: 
                    562:   <p>This specification defines their values when the global object is
1.270     avankest  563:    represented by the <code>Window</code> object. When the <a
                    564:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object is used in
                    565:    other contexts their values will have to be defined as appropriate for
                    566:    that context. That is considered to be out of scope for this
                    567:    specification.
1.205     avankest  568: 
                    569:   <p>In environments where the global object is represented by the
1.270     avankest  570:    <code>Window</code> object the <a
                    571:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object has an
                    572:    associated <dfn id=xmlhttprequest-document><code>XMLHttpRequest</code>
1.205     avankest  573:    <code>Document</code></dfn> which is the <code>Document</code> object
1.270     avankest  574:    associated with the <code>Window</code> object for which the <a
                    575:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> interface object
                    576:    was created.
1.205     avankest  577: 
                    578:   <p class=note>The <a
                    579:    href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    580:    <code>Document</code></a> is used to determine the <a
                    581:    href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                    582:    <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
1.245     avankest  583:    URL</a> at a later stage.
1.205     avankest  584: 
1.250     avankest  585:   <h3 id=task-sources><span class=secno>3.2. </span>Task Sources</h3>
1.205     avankest  586: 
1.253     avankest  587:   <p>The <a href="#task-source">task source</a> used by this specification is
                    588:    the <dfn id=xmlhttprequest-task-source><code>XMLHttpRequest</code> task
                    589:    source</dfn>.
1.205     avankest  590: 
1.250     avankest  591:   <h3 id=constructors><span class=secno>3.3. </span>Constructors</h3>
1.205     avankest  592: 
1.275     avankest  593:   <dl class=domintro>
                    594:    <dt><var title="">client</var> = new <a href="#dom-xmlhttprequest"><code
                    595:     title=dom-XMLHttpRequest>XMLHttpRequest</code></a>()
                    596: 
                    597:    <dd>Returns a new <a
                    598:     href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
                    599:   </dl>
                    600: 
1.271     avankest  601:   <p>When the <dfn id=dom-xmlhttprequest
                    602:    title=dom-XMLHttpRequest><code>XMLHttpRequest()</code></dfn> constructor
                    603:    is invoked, the user agent <em class=ct>must</em> return a new <a
1.270     avankest  604:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.205     avankest  605: 
1.250     avankest  606:   <h3 id=event-handler-attributes><span class=secno>3.4. </span>Event Handler
1.207     avankest  607:    Attributes</h3>
                    608: 
                    609:   <p>The following is the <a href="#event-handler-attributes-0" title="event
                    610:    handler attributes">event handler attribute</a> (and its corresponding <a
                    611:    href="#event-handler-event-type">event handler event type</a>) that <em
1.270     avankest  612:    class=ct>must</em> be supported as DOM attribute by the <a
                    613:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object:
1.207     avankest  614: 
                    615:   <table>
                    616:    <thead>
                    617:     <tr>
                    618:      <th><a href="#event-handler-attributes-0" title="event handler
                    619:       attributes">event handler attribute</a>
                    620: 
                    621:      <th><a href="#event-handler-event-type">event handler event type</a>
                    622: 
                    623:    <tbody>
                    624:     <tr>
1.278     avankest  625:      <td><dfn id=handler-xhr-onreadystatechange
                    626:       title=handler-xhr-onreadystatechange><code>onreadystatechange</code></dfn>
                    627:       
1.207     avankest  628: 
1.278     avankest  629:      <td><code title=event-xhr-readystatechange>readystatechange</code>
1.207     avankest  630:   </table>
                    631: 
1.250     avankest  632:   <h3 id=states><span class=secno>3.5. </span>States</h3>
1.205     avankest  633: 
1.282     avankest  634:   <dl class=domintro>
                    635:    <dt><var title="">client</var> . <a
                    636:     href="#dom-xmlhttprequest-readystate"><code
                    637:     title=dom-XMLHttpRequest-readyState>readyState</code></a>
                    638: 
                    639:    <dd>
                    640:     <p>Returns the current state.
                    641:   </dl>
                    642: 
1.270     avankest  643:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.282     avankest  644:    be in several states. The <dfn id=dom-xmlhttprequest-readystate
                    645:    title=dom-XMLHttpRequest-readyState><code>readyState</code></dfn>
                    646:    attribute <em class=ct>must</em> return the current state, which <em
                    647:    class=ct>must</em> be one of the following values:
1.205     avankest  648: 
                    649:   <dl>
1.277     avankest  650:    <dt><dfn id=dom-xmlhttprequest-unsent
                    651:     title=dom-XMLHttpRequest-UNSENT><code>UNSENT</code></dfn> (numeric value
                    652:     0)
1.125     avankest  653: 
1.205     avankest  654:    <dd>
                    655:     <p>The object has been constructed.
                    656: 
1.277     avankest  657:    <dt><dfn id=dom-xmlhttprequest-opened
                    658:     title=dom-XMLHttpRequest-OPENED><code>OPENED</code></dfn> (numeric value
                    659:     1)
1.205     avankest  660: 
                    661:    <dd>
1.279     avankest  662:     <p>The <a href="#dom-xmlhttprequest-open"><code
                    663:      title=dom-XMLHttpRequest-open>open()</code></a> method has been
                    664:      successfully invoked. During this state request headers can be set using
1.284     avankest  665:      <a href="#dom-xmlhttprequest-setrequestheader"><code
                    666:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest  667:      and the request can be made using the <a
1.276     avankest  668:      href="#dom-xmlhttprequest-send"><code
                    669:      title=dom-XMLHttpRequest-send>send()</code></a> method.
1.89      avankest  670: 
1.277     avankest  671:    <dt><dfn id="dom-xmlhttprequest-headers_received"
                    672:     title="dom-XMLHttpRequest-HEADERS_RECEIVED"><code>HEADERS_RECEIVED</code></dfn>
                    673:     (numeric value 2)
1.89      avankest  674: 
1.205     avankest  675:    <dd>
1.259     avankest  676:     <p>All redirects (if any) have been followed and all HTTP headers of the
                    677:      final response have been received. Several response members of the
1.205     avankest  678:      object are now available.
1.91      avankest  679: 
1.277     avankest  680:    <dt><dfn id=dom-xmlhttprequest-loading
                    681:     title=dom-XMLHttpRequest-LOADING><code>LOADING</code></dfn> (numeric
                    682:     value 3)
1.112     avankest  683: 
1.205     avankest  684:    <dd>
                    685:     <p>The <a href="#response-entity-body">response entity body</a> is being
                    686:      received.
1.91      avankest  687: 
1.277     avankest  688:    <dt><dfn id=dom-xmlhttprequest-done
                    689:     title=dom-XMLHttpRequest-DONE><code>DONE</code></dfn> (numeric value 4)
1.119     avankest  690: 
1.205     avankest  691:    <dd>
                    692:     <p>The data transfer has been completed or something went wrong during
                    693:      the transfer (e.g. infinite redirects).
                    694:   </dl>
1.116     avankest  695: 
1.277     avankest  696:   <p>The <a href="#dom-xmlhttprequest-opened"
                    697:    title=dom-XMLHttpRequest-OPENED>OPENED</a> state has an associated <dfn
                    698:    id=send-flag><code>send()</code> flag</dfn> that indicates whether the <a
                    699:    href="#dom-xmlhttprequest-send"><code
1.276     avankest  700:    title=dom-XMLHttpRequest-send>send()</code></a> method has been invoked.
                    701:    It can be either true or false and has an initial value of false.
1.205     avankest  702: 
1.277     avankest  703:   <p>The <a href="#dom-xmlhttprequest-done"
                    704:    title=dom-XMLHttpRequest-DONE>DONE</a> state has an associated <dfn
                    705:    id=error-flag>error flag</dfn> that indicates some type of network error
                    706:    or abortion. It can be either true or false and has an initial value of
                    707:    false.
1.205     avankest  708: 
1.250     avankest  709:   <h3 id=request><span class=secno>3.6. </span>Request</h3>
1.112     avankest  710: 
1.270     avankest  711:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  712:    holds the following request metadata variables:
1.112     avankest  713: 
1.206     avankest  714:   <dl>
                    715:    <dt>The <dfn id=asynchronous-flag>asynchronous flag</dfn>
                    716: 
1.271     avankest  717:    <dd>True when <a href="#fetch" title=fetch>fetching</a> is done
                    718:     asychronously. False when fetching is done synchronously.
1.206     avankest  719: 
                    720:    <dt>The <dfn id=request-method>request method</dfn>
                    721: 
                    722:    <dd>The method used in the request.
                    723: 
                    724:    <dt>The <dfn id=request-url>request URL</dfn>
                    725: 
                    726:    <dd>The <a href="#url">URL</a> used in the request.
                    727: 
                    728:    <dt>The <dfn id=request-username>request username</dfn>
                    729: 
                    730:    <dd>The username used in the request or null if there is no username.
                    731: 
                    732:    <dt>The <dfn id=request-password>request password</dfn>
                    733: 
                    734:    <dd>The password used in the request or null if there is no password.
1.112     avankest  735: 
1.206     avankest  736:    <dt>The <dfn id=author-request-headers>author request headers</dfn>
1.112     avankest  737: 
1.206     avankest  738:    <dd>A list consisting of HTTP header name/value pairs to be used in the
                    739:     request.
1.112     avankest  740: 
1.206     avankest  741:    <dt>The <dfn id=request-entity-body>request entity body</dfn>
1.112     avankest  742: 
1.206     avankest  743:    <dd>The <a href="#entity-body">entity body</a> used in the request.
                    744:   </dl>
1.205     avankest  745: 
1.250     avankest  746:   <h4 id=the-open-method><span class=secno>3.6.1. </span>The <code
1.205     avankest  747:    title="">open()</code> method</h4>
                    748: 
1.274     avankest  749:   <dl class=domintro>
1.275     avankest  750:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-open"><code
1.279     avankest  751:     title=dom-XMLHttpRequest-open>open(<var title="">method</var>, <var
                    752:     title="">url</var>, <var title="">async</var>, <var title="">user</var>,
                    753:     <var title="">password</var>)</code></a>
1.274     avankest  754: 
                    755:    <dd>
                    756:     <p>Sets the <a href="#request-method">request method</a>, <a
                    757:      href="#request-url">request URL</a>, <a
                    758:      href="#asynchronous-flag">asynchronous flag</a>, <a
                    759:      href="#request-username">request username</a>, and <a
1.285     avankest  760:      href="#request-password">request password</a>.</p>
                    761: 
                    762:     <p>Throws a <code>SYNTAX_ERR</code> exception if one of the following is
                    763:      true:</p>
                    764: 
                    765:     <ul>
                    766:      <li><var title="">method</var> is not a valid HTTP method.
                    767: 
                    768:      <li><var title="">url</var> cannot be resolved.
                    769: 
                    770:      <li><var title="">url</var> contains the <code>"user:password"</code>
                    771:       format in the <a href="#userinfo"><code>userinfo</code></a> production.
                    772:     </ul>
                    773: 
                    774:     <p>Throws a <a href="#security-err"><code>SECURITY_ERR</code></a>
                    775:      exception if <var title="">method</var> is a case-insensitive match for
                    776:      <code>CONNECT</code>, <code>TRACE</code> or <code>TRACK</code>.</p>
                    777: 
                    778:     <p>Throws a <a href="#security-err"><code>SECURITY_ERR</code></a>
                    779:      exception if the <a href="#origin">origin</a> of <var title="">url</var>
                    780:      does not match the <a
                    781:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>.</p>
                    782: 
1.286     avankest  783:     <p>Throws a <code>NOT_SUPPORTED_ERR</code> exception if the <a
                    784:      href="#url-scheme"><code>&lt;scheme></code></a> of <var
                    785:      title="">url</var> is not supported.</p>
1.274     avankest  786:   </dl>
                    787: 
1.275     avankest  788:   <p>When the <dfn id=dom-xmlhttprequest-open
1.279     avankest  789:    title=dom-XMLHttpRequest-open><code>open(<var title="">method</var>, <var
                    790:    title="">url</var>, <var title="">async</var>, <var title="">user</var>,
                    791:    <var title="">password</var>)</code></dfn> method is invoked, the user
                    792:    agent <em class=ct>must</em> run these steps (unless otherwise indicated):
1.112     avankest  793: 
1.205     avankest  794:   <ol>
                    795:    <li>
1.270     avankest  796:     <p>If the <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a>
1.225     avankest  797:      object has an associated <a
1.205     avankest  798:      href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    799:      <code>Document</code></a> run these substeps:</p>
1.112     avankest  800: 
1.205     avankest  801:     <ol>
                    802:      <li>
                    803:       <p>If the <a
                    804:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    805:        <code>Document</code></a> is not <a href="#fully-active">fully
                    806:        active</a> raise an <code>INVALID_STATE_ERR</code> exception and
                    807:        terminate the overall set of steps.
                    808: 
                    809:      <li>
                    810:       <p>Let <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code>
                    811:        base URL</a> be the <a href="#document-base-url">document base URL</a>
                    812:        of the <a href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    813:        <code>Document</code></a>.
                    814: 
                    815:      <li>
                    816:       <p>Let <a href="#xmlhttprequest-origin"><code>XMLHttpRequest</code>
                    817:        origin</a> be the <a href="#origin">origin</a> of the <a
                    818:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    819:        <code>Document</code></a>.
                    820:     </ol>
1.112     avankest  821: 
                    822:    <li>
1.258     avankest  823:     <p>If any code point in <var>method</var> is higher than U+00FF LATIN
1.260     avankest  824:      SMALL LETTER Y WITH DIAERESIS or after <span title="deflate a DOMString
                    825:      into an byte sequence">deflating</span> <var>method</var> it does not
                    826:      match the <a href="#method-token">Method token</a> production raise a
                    827:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
                    828:      let <var>method</var> be the result of <span title="deflate a DOMString
                    829:      into an byte sequence">deflating</span> <var>method</var>.
1.258     avankest  830:    </li>
                    831:    <!-- This sounds lame, but it works. -->
1.91      avankest  832: 
                    833:    <li>
1.258     avankest  834:     <p>If <var>method</var> is a case-insensitive match for
                    835:      <code>CONNECT</code>, <code>DELETE</code>, <code>GET</code>,
                    836:      <code>HEAD</code>, <code>OPTIONS</code>, <code>POST</code>,
                    837:      <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code> subtract
                    838:      0x20 from each byte in the range 0x61 (ASCII a) to 0x7A (ASCII z).</p>
1.205     avankest  839: 
                    840:     <p class=note>If it does not match any of the above, it is passed through
                    841:      <em>literally</em>, including in the final request.</p>
                    842:    </li>
                    843:    <!-- WebKit (and supposedly Gecko) also uppercase: COPY, INDEX, LOCK,
                    844:    M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
1.89      avankest  845: 
1.205     avankest  846:    <li>
1.258     avankest  847:     <p>If <var>method</var> is a case-sensitive match for
1.261     avankest  848:      <code>CONNECT</code>, <code>TRACE</code>, or <code>TRACK</code> raise a
1.270     avankest  849:      <a href="#security-err"><code>SECURITY_ERR</code></a> exception and
1.261     avankest  850:      terminate these steps.</p>
1.164     avankest  851: 
1.205     avankest  852:     <p class=note>Allowing these methods poses a security risk. [<cite><a
                    853:      href="#ref-httpverbsec">HTTPVERBSEC</a></cite>]</p>
1.89      avankest  854: 
1.91      avankest  855:    <li>
1.205     avankest  856:     <p>Let <var title="">url</var> be a <a href="#url">URL</a>.
1.89      avankest  857: 
                    858:    <li>
1.205     avankest  859:     <p>Let <a href="#url-character-encoding">URL character encoding</a> of
                    860:      <var title="">url</var> be UTF-8.
1.89      avankest  861: 
                    862:    <li>
1.257     avankest  863:     <p><a href="#resolve-a-url" title="Resolve a URL">Resolve</a> <var
                    864:      title="">url</var> relative to the <a
1.205     avankest  865:      href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
                    866:      URL</a>. If the algorithm returns an error raise a
                    867:      <code>SYNTAX_ERR</code> exception and terminate these steps.
                    868:    </li>
                    869:    <!-- Presto and Gecko override the encoding. WebKit does not. Trident
                    870:    does not support non-ASCII URLs. This matters for the <query> component,
                    871:    see HTML5. -->
1.129     avankest  872: 
1.205     avankest  873:    <li>
1.270     avankest  874:     <p>Drop <a href="#url-fragment"><code>&lt;fragment></code></a> from <var
1.205     avankest  875:      title="">url</var>.
1.89      avankest  876: 
                    877:    <li>
1.270     avankest  878:     <p>If <var title="">url</var> contains an unsupported <a
                    879:      href="#url-scheme"><code>&lt;scheme></code></a> raise a
1.205     avankest  880:      <code>NOT_SUPPORTED_ERR</code> and terminate these steps.
1.89      avankest  881: 
1.205     avankest  882:    <li>
1.270     avankest  883:     <p>If the <code>"user:password"</code> format in the <a
                    884:      href="#userinfo"><code>userinfo</code></a> production is not supported
                    885:      for the relevant scheme and <var title="">url</var> contains this format
                    886:      raise a <code>SYNTAX_ERR</code> and terminate these steps.
1.2       avankest  887: 
1.205     avankest  888:    <li>
                    889:     <p>If <var title="">url</var> contains the <code>"user:password"</code>
                    890:      format let <var>temp user</var> be the user part and <var>temp
                    891:      password</var> be the password part.
1.2       avankest  892: 
1.205     avankest  893:    <li>
                    894:     <p>If <var title="">url</var> just contains the <code>"user"</code>
                    895:      format let <var>temp user</var> be the user part.
1.2       avankest  896: 
1.205     avankest  897:    <li>
                    898:     <p>If the <a href="#origin">origin</a> of <var title="">url</var> is not
                    899:      <a href="#same-origin">same origin</a> with the <a
1.261     avankest  900:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>
1.270     avankest  901:      raise a <a href="#security-err"><code>SECURITY_ERR</code></a> exception
1.261     avankest  902:      and terminate these steps.
1.2       avankest  903: 
1.205     avankest  904:    <li>
                    905:     <p>Let <var>async</var> be the value of the <var>async</var> argument or
1.271     avankest  906:      true if it was omitted.
1.2       avankest  907: 
1.205     avankest  908:    <li>
                    909:     <p>If the <var>user</var> argument was not omitted follow these sub
                    910:      steps:</p>
1.2       avankest  911: 
1.60      avankest  912:     <ol>
                    913:      <li>
1.241     avankest  914:       <p>If <var>user</var> is null let <var>temp user</var> be null.
1.2       avankest  915: 
1.60      avankest  916:      <li>
1.205     avankest  917:       <p>Otherwise let <var>temp user</var> be <var>user</var>.
                    918:     </ol>
1.184     avankest  919: 
1.205     avankest  920:     <p class=note>These steps override anything that may have been set by the
                    921:      <var title="">url</var> argument.</p>
1.157     avankest  922: 
1.205     avankest  923:    <li>
                    924:     <p>If the <var>password</var> argument was not omitted follow these sub
                    925:      steps:</p>
1.2       avankest  926: 
1.205     avankest  927:     <ol>
1.60      avankest  928:      <li>
1.241     avankest  929:       <p>If <var>password</var> is null let <var>temp password</var> be null.
1.2       avankest  930: 
1.60      avankest  931:      <li>
1.205     avankest  932:       <p>Otherwise let <var>temp password</var> be <var>password</var>.
                    933:     </ol>
1.102     avankest  934: 
1.205     avankest  935:     <p class=note>These steps override anything that may have been set by the
                    936:      <var title="">url</var> argument.</p>
1.2       avankest  937: 
1.205     avankest  938:    <li>
                    939:     <p><a href="#abort-send-algorithm" title="abort send()">Abort the
                    940:      <code>send()</code> algorithm</a>.
1.2       avankest  941: 
1.205     avankest  942:    <li>
                    943:     <p>The user agent <em class=ct>should</em> cancel any network activity
                    944:      for which the object is responsible.
                    945:    </li>
                    946:    <!-- we can hardly require it... -->
1.24      avankest  947: 
1.205     avankest  948:    <li>
1.254     avankest  949:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                    950:      object's <a
                    951:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                    952:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                    953:      remove those tasks.
                    954: 
                    955:    <li>
1.205     avankest  956:     <p>Set variables associated with the object as follows:</p>
1.70      avankest  957: 
1.205     avankest  958:     <ul>
1.60      avankest  959:      <li>
1.205     avankest  960:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.60      avankest  961: 
                    962:      <li>
1.205     avankest  963:       <p>Set <a href="#response-entity-body">response entity body</a> to
                    964:        null.
1.60      avankest  965: 
                    966:      <li>
1.205     avankest  967:       <p>Empty the list of <a href="#author-request-headers">author request
                    968:        headers</a>.</p>
1.17      avankest  969: 
1.60      avankest  970:      <li>
1.205     avankest  971:       <p>Set the <a href="#request-method">request method</a> to
                    972:        <var>method</var>.
1.17      avankest  973: 
1.60      avankest  974:      <li>
1.205     avankest  975:       <p>Set the <a href="#request-url">request URL</a> to <var
                    976:        title="">url</var>.
1.17      avankest  977: 
1.60      avankest  978:      <li>
1.205     avankest  979:       <p>Set the <a href="#request-username">request username</a> to
                    980:        <var>temp user</var>.
1.17      avankest  981: 
1.60      avankest  982:      <li>
1.205     avankest  983:       <p>Set the <a href="#request-password">request password</a> to
                    984:        <var>temp password</var>.
1.17      avankest  985: 
1.60      avankest  986:      <li>
1.271     avankest  987:       <p>Set the <a href="#asynchronous-flag">asynchronous flag</a> to the
                    988:        value of <var>async</var>.
1.205     avankest  989:     </ul>
1.44      avankest  990: 
1.205     avankest  991:    <li>
1.277     avankest  992:     <p>Switch the the state to <a href="#dom-xmlhttprequest-opened"
                    993:      title=dom-XMLHttpRequest-OPENED>OPENED</a>.
1.176     avankest  994: 
1.205     avankest  995:    <li>
                    996:     <p><a href="#dispatch-readystatechange-event">Dispatch a
                    997:      <code>readystatechange</code> event</a>.
                    998:   </ol>
1.22      avankest  999: 
1.250     avankest 1000:   <h4 id=the-setrequestheader-method><span class=secno>3.6.2. </span>The
1.248     avankest 1001:    <code title="">setRequestHeader()</code> method</h4>
1.275     avankest 1002: 
                   1003:   <dl class=domintro>
1.284     avankest 1004:    <dt><var title="">client</var> . <a
                   1005:     href="#dom-xmlhttprequest-setrequestheader"><code
                   1006:     title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader(<var
                   1007:     title="">header</var>, <var title="">value</var>)</code></a>
1.275     avankest 1008: 
                   1009:    <dd>
                   1010:     <p>Appends an header to the list of <a
                   1011:      href="#author-request-headers">author request headers</a> or if the
                   1012:      header is already in the <a href="#author-request-headers">author
                   1013:      request headers</a> its value appended to.</p>
1.285     avankest 1014: 
                   1015:     <p>Throws an <code>INVALID_STATE_ERR</code> exception if the state is not
                   1016:      <a href="#dom-xmlhttprequest-opened"
                   1017:      title=dom-XMLHttpRequest-OPENED>OPENED</a> or if the <a
                   1018:      href="#send-flag"><code>send()</code> flag</a> is true.</p>
                   1019: 
                   1020:     <p>Throws a <code>SYNTAX_ERR</code> exception if <var
                   1021:      title="">header</var> is not a valid HTTP header field name or if <var
                   1022:      title="">value</var> is not a valid HTTP header field value.</p>
1.275     avankest 1023:   </dl>
1.205     avankest 1024: 
1.284     avankest 1025:   <p class=note>As indicated in the algorithm below certain headers cannot be
                   1026:    set and are left up to the user agent. In addition there are certain other
                   1027:    headers the user agent will take control of if they are not set by the
                   1028:    author as indicated at the end of the <a
                   1029:    href="#dom-xmlhttprequest-send"><code
1.276     avankest 1030:    title=dom-XMLHttpRequest-send>send()</code></a> method section.
1.205     avankest 1031: 
1.275     avankest 1032:   <p>When the <dfn id=dom-xmlhttprequest-setrequestheader
1.284     avankest 1033:    title=dom-XMLHttpRequest-setRequestHeader><code>setRequestHeader(<var
                   1034:    title="">header</var>, <var title="">value</var>)</code></dfn> method is
                   1035:    invoked, the user agent <em class=ct>must</em> run these steps:
1.6       avankest 1036: 
1.205     avankest 1037:   <ol>
                   1038:    <li>
1.277     avankest 1039:     <p>If the state is not <a href="#dom-xmlhttprequest-opened"
                   1040:      title=dom-XMLHttpRequest-OPENED>OPENED</a> raise an
                   1041:      <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.47      avankest 1042: 
1.205     avankest 1043:    <li>
                   1044:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1045:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1046: 
1.205     avankest 1047:    <li>
1.258     avankest 1048:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
1.260     avankest 1049:      SMALL LETTER Y WITH DIAERESIS or after <span title="deflate a DOMString
                   1050:      into an byte sequence">deflating</span> <var>header</var> it does not
                   1051:      match the <a href="#field-name">field-name</a> production raise a
1.258     avankest 1052:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.260     avankest 1053:      let <var>header</var> be the result of <span title="deflate a DOMString
                   1054:      into an byte sequence">deflating</span> <var>header</var>.
1.258     avankest 1055:    </li>
                   1056:    <!-- This sounds lame, but it works. -->
1.6       avankest 1057: 
1.205     avankest 1058:    <li>
1.258     avankest 1059:     <p>If any code point in <var>value</var> is higher than U+00FF LATIN
1.260     avankest 1060:      SMALL LETTER Y WITH DIAERESIS or after <span title="deflate a DOMString
                   1061:      into an byte sequence">deflating</span> <var>value</var> it does not
                   1062:      match the <a href="#field-value">field-value</a> production raise a
1.258     avankest 1063:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.260     avankest 1064:      let <var>value</var> be the result of <span title="deflate a DOMString
                   1065:      into an byte sequence">deflating</span> <var>value</var>.</p>
1.258     avankest 1066:     <!-- This sounds lame, but it works. -->
1.205     avankest 1067:     <p class=note>The empty string is legal and represents the empty header
                   1068:      value.</p>
1.71      avankest 1069: 
1.205     avankest 1070:    <li>
1.261     avankest 1071:     <p>Terminate these steps if <var>header</var> is a case-insensitive match
                   1072:      for one of the following headers:</p>
1.179     avankest 1073: 
1.205     avankest 1074:     <ul>
                   1075:      <li><code>Accept-Charset</code>
1.60      avankest 1076: 
1.205     avankest 1077:      <li><code>Accept-Encoding</code>
1.34      avankest 1078: 
1.205     avankest 1079:      <li><code>Connection</code>
1.34      avankest 1080: 
1.205     avankest 1081:      <li><code>Content-Length</code>
1.177     avankest 1082: 
1.205     avankest 1083:      <li><code>Cookie</code>
1.69      avankest 1084: 
1.205     avankest 1085:      <li><code>Cookie2</code>
1.34      avankest 1086: 
1.205     avankest 1087:      <li><code>Content-Transfer-Encoding</code>
1.177     avankest 1088: 
1.205     avankest 1089:      <li><code>Date</code>
1.177     avankest 1090: 
1.205     avankest 1091:      <li><code>Expect</code>
1.69      avankest 1092: 
1.205     avankest 1093:      <li><code>Host</code>
1.69      avankest 1094: 
1.205     avankest 1095:      <li><code>Keep-Alive</code>
1.34      avankest 1096: 
1.205     avankest 1097:      <li><code>Referer</code>
1.34      avankest 1098: 
1.205     avankest 1099:      <li><code>TE</code>
1.34      avankest 1100: 
1.205     avankest 1101:      <li><code>Trailer</code>
1.34      avankest 1102: 
1.205     avankest 1103:      <li><code>Transfer-Encoding</code>
1.34      avankest 1104: 
1.205     avankest 1105:      <li><code>Upgrade</code>
1.34      avankest 1106: 
1.205     avankest 1107:      <li><code>User-Agent</code>
1.34      avankest 1108: 
1.205     avankest 1109:      <li><code>Via</code>
                   1110:     </ul>
1.69      avankest 1111: 
1.258     avankest 1112:     <p>&hellip; or if the start of <var>header</var> is a case-insensitive
                   1113:      match for <code>Proxy-</code> or <code>Sec-</code> (including when
1.205     avankest 1114:      <var>header</var> is just <code>Proxy-</code> or <code>Sec-</code>).</p>
                   1115: 
1.285     avankest 1116:     <p class=note>The above headers are controlled by the user agent to let
                   1117:      it control those aspects of transport. This guarantees data integrity to
                   1118:      some extent. Header names starting with <code>Sec-</code> are not
                   1119:      allowed to be set to allow new headers to be minted that are guaranteed
                   1120:      not to come from <a
                   1121:      href="#xmlhttprequest"><code>XMLHttpRequest</code></a>.</p>
1.185     avankest 1122: 
1.205     avankest 1123:    <li>
                   1124:     <p>If <var>header</var> is not in the <a
                   1125:      href="#author-request-headers">author request headers</a> list append
                   1126:      <var>header</var> with its associated <var>value</var> to the list and
                   1127:      terminate these steps.
1.6       avankest 1128: 
1.205     avankest 1129:    <li>
                   1130:     <p>If <var>header</var> is in the <a
                   1131:      href="#author-request-headers">author request headers</a> list either
                   1132:      use multiple headers, combine the values or use a combination of those
                   1133:      (section 4.2, RFC 2616). [<cite><a
1.250     avankest 1134:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest 1135:    </li>
                   1136:    <!-- XXX it seems UAs always combine the values -->
                   1137:   </ol>
1.18      avankest 1138: 
1.276     avankest 1139:   <p class=note>See also the <a href="#dom-xmlhttprequest-send"><code
                   1140:    title=dom-XMLHttpRequest-send>send()</code></a> method regarding user
                   1141:    agent header handling for caching, authentication, proxies, and cookies.
1.47      avankest 1142: 
1.205     avankest 1143:   <div class=example>
                   1144:    <pre><code>// The following script:
1.18      avankest 1145: var client = new XMLHttpRequest();
                   1146: client.open('GET', 'demo.cgi');
                   1147: client.setRequestHeader('X-Test', 'one');
                   1148: client.setRequestHeader('X-Test', 'two');
                   1149: client.send();
                   1150: 
                   1151: // ...would result in the following header being sent:
                   1152: ...
                   1153: X-Test: one, two
1.60      avankest 1154: ...</code></pre>
1.205     avankest 1155:   </div>
1.6       avankest 1156: 
1.250     avankest 1157:   <h4 id=the-send-method><span class=secno>3.6.3. </span>The <code
1.205     avankest 1158:    title="">send()</code> method</h4>
1.276     avankest 1159: 
                   1160:   <dl class=domintro>
                   1161:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-send"><code
                   1162:     title=dom-XMLHttpRequest-send>send(<var title="">data</var>)</code></a>
                   1163: 
                   1164:    <dd>
                   1165:     <p>Initiates the request. The optional argument provides the <a
1.285     avankest 1166:      href="#request-entity-body">request entity body</a>. The argument is
                   1167:      ignored if <a href="#request-method">request method</a> is
                   1168:      <code>GET</code> or <code>HEAD</code>.</p>
                   1169: 
                   1170:     <p>Throws an <code>INVALID_STATE_ERR</code> exception if the state is not
                   1171:      <a href="#dom-xmlhttprequest-opened"
                   1172:      title=dom-XMLHttpRequest-OPENED>OPENED</a> or if the <a
                   1173:      href="#send-flag"><code>send()</code> flag</a> is true.</p>
1.276     avankest 1174:   </dl>
1.205     avankest 1175: 
1.275     avankest 1176:   <p>When the <dfn id=dom-xmlhttprequest-send
1.276     avankest 1177:    title=dom-XMLHttpRequest-send><code>send(<var>data</var>)</code></dfn>
                   1178:    method is invoked, the user agent <em class=ct>must</em> run the following
                   1179:    steps (unless otherwise noted). This algorithm gets aborted when the <a
1.279     avankest 1180:    href="#dom-xmlhttprequest-open"><code
                   1181:    title=dom-XMLHttpRequest-open>open()</code></a> or <a
1.280     avankest 1182:    href="#dom-xmlhttprequest-abort"><code
                   1183:    title=dom-XMLHttpRequest-abort>abort()</code></a> method is invoked. When
                   1184:    the <dfn id=abort-send-algorithm title="abort send()"><code>send()</code>
                   1185:    algorithm is aborted</dfn> the user agent <em class=ct>must</em> terminate
                   1186:    the algorithm after finishing the step it is on.
1.205     avankest 1187: 
                   1188:   <p class=note>The <code title="">send()</code> algorithm can only be
                   1189:    aborted when the <a href="#asynchronous-flag">asynchronous flag</a> is
                   1190:    true and only after the method call has returned.
1.60      avankest 1191: 
1.205     avankest 1192:   <ol>
                   1193:    <li>
1.277     avankest 1194:     <p>If the state is not <a href="#dom-xmlhttprequest-opened"
                   1195:      title=dom-XMLHttpRequest-OPENED>OPENED</a> raise an
                   1196:      <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1197: 
1.205     avankest 1198:    <li>
                   1199:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1200:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1201: 
1.205     avankest 1202:    <li>
1.285     avankest 1203:     <p>If the <a href="#request-method">request method</a> is a
                   1204:      case-sensitive match for <code>GET</code> or <code>HEAD</code> act as if
                   1205:      <var title="">data</var> is null.</p>
1.203     avankest 1206: 
1.241     avankest 1207:     <p>If the <var>data</var> argument has been omitted or is null, do not
                   1208:      include a <a href="#request-entity-body">request entity body</a> and go
                   1209:      to the next step.</p>
1.234     avankest 1210: 
1.250     avankest 1211:     <p>Otherwise, let <var>encoding</var> be null, <var>mime type</var> be
                   1212:      null, and then follow these rules:</p>
1.205     avankest 1213: 
                   1214:     <dl class=switch>
1.250     avankest 1215:      <dt>If <var>data</var> is a <code>Document</code>
1.205     avankest 1216: 
                   1217:      <dd>
1.234     avankest 1218:       <p>Let <var>encoding</var> be the <a
                   1219:        href="#preferred-mime-name">preferred MIME name</a> of the <a
1.246     avankest 1220:        href="#document-character-encoding" title="document's character
1.234     avankest 1221:        encoding">character encoding</a> of <var>data</var>. If
                   1222:        <var>encoding</var> is UTF-16 change it to UTF-8.</p>
                   1223: 
1.250     avankest 1224:       <p>Let <var>mime type</var> be "<code>application/xml;charset=</code>"
                   1225:        followed by <var>encoding</var>.</p>
1.234     avankest 1226: 
                   1227:       <p>Let the <a href="#request-entity-body">request entity body</a> be
1.270     avankest 1228:        the result of getting the <a href="#dom-innerhtml"><code
                   1229:        title=dom-innerHTML>innerHTML</code></a> attribute on <var>data</var>
                   1230:        <a href="#dfn-obtain-unicode" title="convert a DOMString to a sequence
                   1231:        of Unicode characters">converted to Unicode</a> and encoded as
                   1232:        <var>encoding</var>. Re-raise any exception this raises.</p>
1.210     avankest 1233: 
1.235     avankest 1234:       <p class=note>In particular, if the document cannot be serialized an
1.219     avankest 1235:        <code>INVALID_STATE_ERR</code> exception is raised.</p>
                   1236: 
1.205     avankest 1237:       <p class=note>Subsequent changes to the <code>Document</code> have no
                   1238:        effect on what is submitted.</p>
1.239     avankest 1239: 
1.250     avankest 1240:      <dt>If <var>data</var> is a <code>DOMString</code>
1.239     avankest 1241: 
                   1242:      <dd>
1.250     avankest 1243:       <p>Let <var>encoding</var> be UTF-8.</p>
                   1244: 
                   1245:       <p>Let <var>mime type</var> be "<code>text/plain;charset=UTF-8</code>".</p>
                   1246: 
1.239     avankest 1247:       <p>Let the <a href="#request-entity-body">request entity body</a> be
                   1248:        <var>data</var> <a href="#dfn-obtain-unicode" title="convert a
                   1249:        DOMString to a sequence of Unicode characters">converted to
1.250     avankest 1250:        Unicode</a> and encoded as UTF-8.</p>
1.205     avankest 1251:     </dl>
1.103     avankest 1252: 
1.270     avankest 1253:     <p>If a <code>Content-Type</code> header is set using <a
1.284     avankest 1254:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1255:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest 1256:      whose value is a <a href="#valid-mime-type">valid MIME type</a> and has
                   1257:      a <code>charset</code> parameter whose value is not a case-insensitive
1.284     avankest 1258:      match for <var title="">encoding</var>, and <var title="">encoding</var>
                   1259:      is not null, set all the <code>charset</code> parameters of the
                   1260:      <code>Content-Type</code> header to <var title="">encoding</var>.</p>
1.234     avankest 1261: 
1.270     avankest 1262:     <p>If no <code>Content-Type</code> header has been set using <a
1.284     avankest 1263:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1264:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
                   1265:      and <var title="">mime type</var> is not null set a
                   1266:      <code>Content-Type</code> request header with as value <var
                   1267:      title="">mime type</var>.</p>
1.238     avankest 1268:     <!-- reminder: if we ever change this to always include charset it has
                   1269:     to be included as the first parameter for compatibility reasons -->
                   1270:     
1.167     avankest 1271: 
1.205     avankest 1272:    <li>
                   1273:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1274:      release the <a href="#storage-mutex">storage mutex</a>.
1.60      avankest 1275: 
1.205     avankest 1276:    <li>
                   1277:     <p>Set the <a href="#error-flag">error flag</a> to false.
1.164     avankest 1278: 
1.205     avankest 1279:    <li>
1.213     avankest 1280:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is true run
                   1281:      these substeps:</p>
                   1282: 
                   1283:     <ol>
                   1284:      <li>
1.219     avankest 1285:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to true.
                   1286: 
                   1287:      <li>
1.213     avankest 1288:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1289:        <code>readystatechange</code> event</a>.</p>
                   1290: 
                   1291:       <p class=note>The state does not change. The event is dispatched for
                   1292:        historical reasons.</p>
                   1293: 
                   1294:      <li>
1.276     avankest 1295:       <p>Return the <a href="#dom-xmlhttprequest-send"><code
                   1296:        title=dom-XMLHttpRequest-send>send()</code></a> method call, but
                   1297:        continue running the steps in this algorithm.
1.213     avankest 1298:     </ol>
                   1299: 
                   1300:    <li>
1.263     avankest 1301:     <p><a href="#fetch">Fetch</a> the <a href="#request-url">request URL</a>
                   1302:      from <i title="">origin</i> <a
1.262     avankest 1303:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>,
                   1304:      with the <i title="">synchronous flag</i> set if the <a
                   1305:      href="#asynchronous-flag">asynchronous flag</a> is false, using HTTP
1.213     avankest 1306:      method <a href="#request-method">request method</a>, user <a
                   1307:      href="#request-username">request username</a> (if non-null) and password
                   1308:      <a href="#request-password">request password</a> (if non-null), taking
                   1309:      into account the <a href="#request-entity-body">request entity body</a>,
                   1310:      list of <a href="#author-request-headers">author request headers</a> and
                   1311:      the rules listed at the end of this section.</p>
                   1312: 
1.226     avankest 1313:     <dl class=switch>
1.205     avankest 1314:      <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.195     avankest 1315: 
1.205     avankest 1316:      <dd>
1.213     avankest 1317:       <p>While making the request also follow the <a
1.221     avankest 1318:        href="#same-origin-request-event-rules">same-origin request event
                   1319:        rules</a>.</p>
1.213     avankest 1320:       <!--
1.250     avankest 1321:          This cannot involve any task queue whatsoever because that would
                   1322:          mean other tasks on the task queue might get processed as well
                   1323:          which is counter to the whole idea of doing things synchronous.
                   1324:         -->
1.213     avankest 1325:       
1.276     avankest 1326:       <p class=note>The <a href="#dom-xmlhttprequest-send"><code
                   1327:        title=dom-XMLHttpRequest-send>send()</code></a> method call will now
                   1328:        be returned by virtue of this algorithm ending.</p>
1.205     avankest 1329: 
                   1330:      <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1331: 
                   1332:      <dd>
1.250     avankest 1333:       <p><span>Make progress notifications</span>.</p>
                   1334: 
                   1335:       <p><span>Make upload progress notifications</span>.</p>
                   1336: 
1.213     avankest 1337:       <p>While processing the request, as data becomes available and when the
1.250     avankest 1338:        user interferes with the request, <a href="#queue-a-task" title="queue
1.257     avankest 1339:        a task">queue tasks</a> to update the <a
                   1340:        href="#response-entity-body">response entity body</a> and follow the
                   1341:        <a href="#same-origin-request-event-rules">same-origin request event
1.256     avankest 1342:        rules</a>.</p>
1.205     avankest 1343:     </dl>
                   1344:   </ol>
1.124     avankest 1345: 
1.205     avankest 1346:   <hr>
                   1347: 
1.229     avankest 1348:   <p>If the user agent allows the end user to configure a proxy it <em
1.250     avankest 1349:    class=ct>should</em> modify the request appropriately; i.e., connect to
                   1350:    the proxy host instead of the origin server, modify the
1.214     avankest 1351:    <code>Request-Line</code> and send <code>Proxy-Authorization</code>
                   1352:    headers as specified.
                   1353: 
1.264     avankest 1354:   <hr>
                   1355: 
                   1356:   <p>If the user agent supports HTTP Authentication and <code
                   1357:    title=http-authorization>Authorization</code> is not in the list of <a
1.220     avankest 1358:    href="#author-request-headers">author request headers</a>, it <em
1.270     avankest 1359:    class=ct>should</em> consider requests originating from the <a
                   1360:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object to be part
                   1361:    of the protection space that includes the accessed URIs and send <code
1.264     avankest 1362:    title=http-authorization>Authorization</code> headers and handle <code>401
                   1363:    Unauthorized</code> requests appropriately.
                   1364: 
                   1365:   <p>If authentication fails, <code
                   1366:    title=http-authorization>Authorization</code> is not in the list of <a
                   1367:    href="#author-request-headers">author request headers</a>, <a
                   1368:    href="#request-username">request username</a> is null, and <a
                   1369:    href="#request-password">request password</a> is null, user agents <em
                   1370:    class=ct>should</em> prompt the end user for their username and password.
                   1371: 
                   1372:   <p>If authentication fails, <code
                   1373:    title=http-authorization>Authorization</code> is not in the list of <a
                   1374:    href="#author-request-headers">author request headers</a>, <a
                   1375:    href="#request-username">request username</a> is non-null, and <a
                   1376:    href="#request-password">request password</a> is non-null, user agents <em
                   1377:    class=ct>must not</em> prompt the end user for their username and
                   1378:    password. [<cite><a href="#ref-rfc2617">RFC2617</a></cite>]
1.214     avankest 1379: 
1.271     avankest 1380:   <p class=note>End users are not prompted if username/password are provided
1.279     avankest 1381:    through the <a href="#dom-xmlhttprequest-open"><code
                   1382:    title=dom-XMLHttpRequest-open>open()</code></a> API so that authors can
                   1383:    implement their own user interface.
1.214     avankest 1384: 
1.264     avankest 1385:   <hr>
                   1386: 
1.214     avankest 1387:   <p>If the user agent supports HTTP State Management it <em
                   1388:    class=ct>should</em> persist, discard and send cookies (as received in the
                   1389:    <code>Set-Cookie</code> and <code>Set-Cookie2</code> response headers, and
                   1390:    sent in the <code>Cookie</code> header) as applicable. [<cite><a
1.232     avankest 1391:    href="#ref-cookies">COOKIES</a></cite>]
1.214     avankest 1392: 
1.264     avankest 1393:   <hr>
                   1394: 
1.214     avankest 1395:   <p>If the user agent implements a HTTP cache it <em class=ct>should</em>
1.270     avankest 1396:    respect <code>Cache-Control</code> request headers set by the <a
1.284     avankest 1397:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1398:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest 1399:    (e.g., <code>Cache-Control: no-cache</code> bypasses the cache). It <em
1.214     avankest 1400:    class=ct>must not</em> send <code>Cache-Control</code> or
1.229     avankest 1401:    <code>Pragma</code> request headers automatically unless the end user
1.284     avankest 1402:    explicitly requests such behavior (e.g. by reloading the page).
1.214     avankest 1403: 
                   1404:   <p>For <code>304 Not Modified</code> responses that are a result of a user
                   1405:    agent generated conditional request the user agent <em class=ct>must</em>
                   1406:    act as if the server gave a <code>200 OK</code> response with the
1.270     avankest 1407:    appropriate content. The user agent <em class=ct>must</em> allow <a
1.284     avankest 1408:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1409:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a> to
                   1410:    override automatic cache validation by setting request headers (e.g.
1.250     avankest 1411:    <code>If-None-Match</code> or <code>If-Modified-Since</code>), in which
                   1412:    case <code>304 Not Modified</code> responses <em class=ct>must</em> be
                   1413:    passed through. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1414: 
1.264     avankest 1415:   <hr>
                   1416: 
1.214     avankest 1417:   <p>If the user agent implements server-driven content-negotiation it <em
                   1418:    class=ct>should</em> set <code>Accept-Encoding</code> and
1.233     avankest 1419:    <code>Accept-Charset</code> headers as appropriate. For
                   1420:    <code>Accept</code> and <code>Accept-Language</code> the user agent <em
                   1421:    class=ct>must</em> follow these constraints:
                   1422: 
                   1423:   <ul>
                   1424:    <li>
                   1425:     <p>Both headers <em class=ct>must not</em> be modified if they are
1.284     avankest 1426:      already set through <a href="#dom-xmlhttprequest-setrequestheader"><code
                   1427:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>.
1.233     avankest 1428: 
                   1429:    <li>
1.270     avankest 1430:     <p>If not set through <a
1.284     avankest 1431:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1432:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.257     avankest 1433:      <code>Accept-Language</code> <em class=ct>should</em> be set as
1.233     avankest 1434:      appropriate.
                   1435: 
                   1436:    <li>
1.270     avankest 1437:     <p>If not set through <a
1.284     avankest 1438:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1439:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.233     avankest 1440:      <code>Accept</code> <em class=ct>must</em> be set with as value
                   1441:      <code>*/*</code>.
                   1442:   </ul>
                   1443: 
                   1444:   <p>Responses <em class=ct>must</em> have the content-encodings
1.250     avankest 1445:    automatically decoded. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1446: 
1.264     avankest 1447:   <hr>
                   1448: 
1.214     avankest 1449:   <p>Besides the <a href="#author-request-headers">author request headers</a>
                   1450:    user agents <em class=ct>should not</em> include additional request
                   1451:    headers other than those mentioned above or other than those authors are
1.270     avankest 1452:    not allowed to set using <a
1.284     avankest 1453:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1454:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>.
1.275     avankest 1455:    This ensures that authors have a reasonably predictable API.
1.214     avankest 1456: 
1.250     avankest 1457:   <h4 id=infrastructure-for-the-send-method><span class=secno>3.6.4.
1.214     avankest 1458:    </span>Infrastructure for the <code title="">send()</code> method</h4>
                   1459: 
1.221     avankest 1460:   <p>The <dfn id=same-origin-request-event-rules>same-origin request event
                   1461:    rules</dfn> are as follows:
1.205     avankest 1462: 
                   1463:   <dl class=switch>
                   1464:    <dt>If the response is an HTTP redirect
                   1465: 
                   1466:    <dd>
1.259     avankest 1467:     <p>If the <a href="#origin">origin</a> of the <a href="#url">URL</a>
                   1468:      conveyed by the <code title=http-location>Location</code> header is <a
                   1469:      href="#same-origin">same origin</a> with the <a
                   1470:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                   1471:      the redirect does not violate infinite loop precautions, transparently
                   1472:      follow the redirect while observing the <a
1.221     avankest 1473:      href="#same-origin-request-event-rules">same-origin request event
                   1474:      rules</a>.</p>
1.205     avankest 1475: 
1.250     avankest 1476:     <p>Otherwise, this is a <a href="#network-error">network error</a>.</p>
                   1477: 
1.205     avankest 1478:     <p class=note>HTTP places requirements on the user agent regarding the
1.206     avankest 1479:      preservation of the <a href="#request-method">request method</a> and <a
                   1480:      href="#request-entity-body">request entity body</a> during redirects,
1.229     avankest 1481:      and also requires end users to be notified of certain kinds of automatic
1.205     avankest 1482:      redirections.</p>
                   1483:     <!-- XXX HTTP needs fixing here -->
                   1484: 
1.229     avankest 1485:    <dt>If the end user cancels the download
1.205     avankest 1486: 
1.215     avankest 1487:    <dd>
                   1488:     <p>This is an <a href="#abort-error">abort error</a>.
1.119     avankest 1489: 
1.216     avankest 1490:    <dt>In case of network errors
                   1491: 
1.215     avankest 1492:    <dd>
                   1493:     <p>In case of DNS errors, TLS negotiation failure, or other type of
                   1494:      network errors, this is a <a href="#network-error">network error</a>. Do
1.229     avankest 1495:      not request any kind of end user interaction.</p>
1.205     avankest 1496: 
1.215     avankest 1497:     <p class=note>This does not include HTTP responses that indicate some
                   1498:      type of error, such as HTTP status code 410.</p>
1.119     avankest 1499: 
1.215     avankest 1500:    <dt>Once all HTTP headers have been received and the <a
1.259     avankest 1501:     href="#asynchronous-flag">asynchronous flag</a> is true (and this is not
                   1502:     an HTTP redirect)
1.60      avankest 1503: 
1.215     avankest 1504:    <dd>
1.277     avankest 1505:     <p><a href="#switch-headers-received">Switch to the
                   1506:      dom-XMLHttpRequest-HEADERS_RECEIVED</a>.
1.60      avankest 1507: 
1.222     avankest 1508:    <dt>Once the first byte (or more) of the <a
                   1509:     href="#response-entity-body">response entity body</a> has been received
                   1510:     and the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1511: 
                   1512:    <dt>If there is no <a href="#response-entity-body">response entity
                   1513:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.215     avankest 1514:     true
1.19      avankest 1515: 
1.222     avankest 1516:    <dd>
1.277     avankest 1517:     <p><a href="#switch-loading">Switch to the
                   1518:      dom-XMLHttpRequest-LOADING</a>.
1.222     avankest 1519: 
                   1520:    <dt>Once the whole <a href="#response-entity-body">response entity
                   1521:     body</a> has been received
                   1522: 
                   1523:    <dt>If there is no <a href="#response-entity-body">response entity
1.226     avankest 1524:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.277     avankest 1525:     false or the state is <a href="#dom-xmlhttprequest-loading"
                   1526:     title=dom-XMLHttpRequest-LOADING>LOADING</a>
1.185     avankest 1527: 
1.215     avankest 1528:    <dd>
1.277     avankest 1529:     <p><a href="#switch-done">Switch to the dom-XMLHttpRequest-DONE</a>.
1.215     avankest 1530:   </dl>
1.6       avankest 1531: 
1.215     avankest 1532:   <hr>
1.6       avankest 1533: 
1.215     avankest 1534:   <p>When something is said to be a <dfn id=network-error>network error</dfn>
1.270     avankest 1535:    run the <a href="#request-error">request error</a> steps for exception <a
                   1536:    href="#network-err"><code>NETWORK_ERR</code></a>.
1.62      avankest 1537: 
1.243     avankest 1538:   <p>When something is said to be an <dfn id=abort-error>abort error</dfn>
1.270     avankest 1539:    run the <a href="#request-error">request error</a> steps for exception <a
                   1540:    href="#abort-err"><code>ABORT_ERR</code></a>.
1.84      avankest 1541: 
1.244     avankest 1542:   <p>When something is said to be a <dfn id=request-error>request error</dfn>
                   1543:    for exception <var>exception</var> run these steps:
1.60      avankest 1544: 
1.256     avankest 1545:   <ol>
                   1546:    <li>
                   1547:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1548:      for which the object is responsible.
                   1549: 
                   1550:    <li>
                   1551:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1552:      object's <a
                   1553:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1554:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1555:      remove those tasks.
1.252     avankest 1556: 
1.215     avankest 1557:    <li>
                   1558:     <p>Set the <a href="#response-entity-body">response entity body</a> to
                   1559:      null.
1.205     avankest 1560: 
1.215     avankest 1561:    <li>
1.256     avankest 1562:     <p>Empty the list of <a href="#author-request-headers">author request
                   1563:      headers</a>.
1.205     avankest 1564: 
1.215     avankest 1565:    <li>
1.256     avankest 1566:     <p>Set the the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1567: 
1.215     avankest 1568:    <li>
1.277     avankest 1569:     <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1570:      title=dom-XMLHttpRequest-DONE>DONE</a>.
1.205     avankest 1571: 
1.215     avankest 1572:    <li>
                   1573:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.243     avankest 1574:      raise an <var>exception</var> exception and terminate the overall set of
                   1575:      steps.
1.205     avankest 1576: 
1.215     avankest 1577:    <li>
1.251     avankest 1578:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.250     avankest 1579:      <code>readystatechange</code> event</a>.</p>
                   1580: 
                   1581:     <p class=note>At this point it is clear that the <a
                   1582:      href="#asynchronous-flag">asynchronous flag</a> is true.</p>
1.205     avankest 1583: 
1.215     avankest 1584:    <li>
1.250     avankest 1585:     <p>Terminate the overall algorithm.
1.215     avankest 1586:   </ol>
1.6       avankest 1587: 
1.278     avankest 1588:   <p class=note>A future version of this specification will dispatch an <code
1.280     avankest 1589:    title=event-xhr-error>error</code>/<code>abort</code> event here as well.
                   1590:    (Depending on the type of error.)
1.6       avankest 1591: 
1.215     avankest 1592:   <hr>
1.2       avankest 1593: 
1.215     avankest 1594:   <p>When it is said to <dfn id=switch-headers-received>switch to the
1.277     avankest 1595:    dom-XMLHttpRequest-HEADERS_RECEIVED</dfn> run these steps:
1.60      avankest 1596: 
1.215     avankest 1597:   <ol>
                   1598:    <li>
1.277     avankest 1599:     <p>Switch the state to <a href="#dom-xmlhttprequest-headers_received"
                   1600:      title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a>.
1.125     avankest 1601: 
1.215     avankest 1602:    <li>
1.251     avankest 1603:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1604:      <code>readystatechange</code> event</a>.
                   1605:   </ol>
1.205     avankest 1606: 
1.277     avankest 1607:   <p>When it is said to <dfn id=switch-loading>switch to the
                   1608:    dom-XMLHttpRequest-LOADING</dfn> run these steps:
1.205     avankest 1609: 
1.215     avankest 1610:   <ol>
                   1611:    <li>
1.277     avankest 1612:     <p>Switch the state to <a href="#dom-xmlhttprequest-loading"
                   1613:      title=dom-XMLHttpRequest-LOADING>LOADING</a>.
1.17      avankest 1614: 
1.215     avankest 1615:    <li>
1.251     avankest 1616:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1617:      <code>readystatechange</code> event</a>.
                   1618:   </ol>
1.205     avankest 1619: 
1.277     avankest 1620:   <p>When it is said to <dfn id=switch-done>switch to the
                   1621:    dom-XMLHttpRequest-DONE</dfn> run these steps:
1.218     avankest 1622: 
                   1623:   <ol>
                   1624:    <li>
1.257     avankest 1625:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1626:      update the <a href="#response-entity-body">response entity body</a>.
                   1627: 
                   1628:    <li>
1.277     avankest 1629:     <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1630:      title=dom-XMLHttpRequest-DONE>DONE</a>.
1.218     avankest 1631: 
                   1632:    <li>
1.250     avankest 1633:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.218     avankest 1634:      <code>readystatechange</code> event</a>.
                   1635:   </ol>
                   1636: 
1.250     avankest 1637:   <h4 id=the-abort-method><span class=secno>3.6.5. </span>The <code
1.205     avankest 1638:    title="">abort()</code> method</h4>
                   1639: 
1.280     avankest 1640:   <dl class=domintro>
                   1641:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-abort"><code
                   1642:     title=dom-XMLHttpRequest-abort>abort()</code></a>
                   1643: 
                   1644:    <dd>Cancels any network activity.
                   1645:   </dl>
                   1646: 
                   1647:   <p>When the <dfn id=dom-xmlhttprequest-abort
                   1648:    title=dom-XMLHttpRequest-abort><code>abort()</code></dfn> method is
                   1649:    invoked, the user agent <em class=ct>must</em> run these steps (unless
                   1650:    otherwise noted):
1.205     avankest 1651: 
                   1652:   <ol>
                   1653:    <li>
                   1654:     <p><a href="#abort-send-algorithm" title="abort send()">Abort the
                   1655:      <code>send()</code> algorithm</a>.
1.202     avankest 1656: 
1.205     avankest 1657:    <li>
                   1658:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1659:      for which the object is responsible.
1.254     avankest 1660: 
                   1661:    <li>
                   1662:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1663:      object's <a
                   1664:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1665:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1666:      remove those tasks.
1.205     avankest 1667: 
                   1668:    <li>
                   1669:     <p>Set the <a href="#response-entity-body">response entity body</a> to
                   1670:      null.
                   1671: 
                   1672:    <li>
1.254     avankest 1673:     <p>Empty the list of <a href="#author-request-headers">author request
                   1674:      headers</a>.
1.205     avankest 1675: 
                   1676:    <li>
1.254     avankest 1677:     <p>Set the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1678: 
                   1679:    <li>
1.277     avankest 1680:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1681:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a>, <a
                   1682:      href="#dom-xmlhttprequest-opened"
                   1683:      title=dom-XMLHttpRequest-OPENED>OPENED</a> with the <a
                   1684:      href="#send-flag"><code>send()</code> flag</a> being false, or <a
                   1685:      href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
                   1686:      go to the next step.</p>
1.205     avankest 1687: 
                   1688:     <p>Otherwise run these substeps:</p>
                   1689: 
                   1690:     <ol>
1.202     avankest 1691:      <li>
1.277     avankest 1692:       <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1693:        title=dom-XMLHttpRequest-DONE>DONE</a>.
1.77      avankest 1694: 
                   1695:      <li>
1.205     avankest 1696:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.77      avankest 1697: 
                   1698:      <li>
1.205     avankest 1699:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1700:        <code>readystatechange</code> event</a>.
1.60      avankest 1701:     </ol>
1.17      avankest 1702: 
1.252     avankest 1703:     <p class=note>A future version of this specification will dispatch an
1.278     avankest 1704:      <code title=event-xhr-abort>abort</code> event here.</p>
1.220     avankest 1705: 
1.205     avankest 1706:    <li>
1.277     avankest 1707:     <p>Switch the state to <a href="#dom-xmlhttprequest-unsent"
                   1708:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a>.</p>
1.205     avankest 1709: 
1.278     avankest 1710:     <p class=note>No <code
                   1711:      title=event-xhr-readystatechange>readystatechange</code> event is
                   1712:      dispatched.</p>
1.205     avankest 1713:   </ol>
                   1714: 
1.250     avankest 1715:   <h3 id=response><span class=secno>3.7. </span>Response</h3>
1.205     avankest 1716: 
1.250     avankest 1717:   <h4 id=the-status-attribute><span class=secno>3.7.1. </span>The <code
1.205     avankest 1718:    title="">status</code> attribute</h4>
                   1719: 
1.281     avankest 1720:   <dl class=domintro>
                   1721:    <dt><var title="">client</var> . <a
                   1722:     href="#dom-xmlhttprequest-status"><code
                   1723:     title=dom-XMLHttpRequest-status>status</code></a>
                   1724: 
                   1725:    <dd>
                   1726:     <p>Returns the HTTP status code.
                   1727:   </dl>
                   1728: 
                   1729:   <p>The <dfn id=dom-xmlhttprequest-status
                   1730:    title=dom-XMLHttpRequest-status><code>status</code></dfn> attribute <em
                   1731:    class=ct>must</em> return the result of running these steps:
1.224     avankest 1732: 
                   1733:   <ol>
                   1734:    <li>
1.277     avankest 1735:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1736:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1737:      href="#dom-xmlhttprequest-opened"
                   1738:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return 0 and terminate these
                   1739:      steps.
1.224     avankest 1740: 
                   1741:    <li>
1.241     avankest 1742:     <p>If the <a href="#error-flag">error flag</a> is true return 0 and
                   1743:      terminate these steps.
1.224     avankest 1744: 
                   1745:    <li>
                   1746:     <p>Return the HTTP status code.
                   1747:   </ol>
1.205     avankest 1748: 
1.250     avankest 1749:   <h4 id=the-statustext-attribute><span class=secno>3.7.2. </span>The <code
1.205     avankest 1750:    title="">statusText</code> attribute</h4>
                   1751: 
1.281     avankest 1752:   <dl class=domintro>
                   1753:    <dt><var title="">client</var> . <a
                   1754:     href="#dom-xmlhttprequest-statustext"><code
                   1755:     title=dom-XMLHttpRequest-statusText>statusText</code></a>
                   1756: 
                   1757:    <dd>
                   1758:     <p>Returns the HTTP status text.
                   1759:   </dl>
                   1760: 
                   1761:   <p>The <dfn id=dom-xmlhttprequest-statustext
                   1762:    title=dom-XMLHttpRequest-statusText><code>statusText</code></dfn>
1.275     avankest 1763:    attribute <em class=ct>must</em> return the result of running these steps:
1.224     avankest 1764: 
                   1765:   <ol>
                   1766:    <li>
1.277     avankest 1767:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1768:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1769:      href="#dom-xmlhttprequest-opened"
                   1770:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return the empty string and
                   1771:      terminate these steps.
1.224     avankest 1772: 
                   1773:    <li>
                   1774:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1775:      string and terminate these steps.
                   1776: 
                   1777:    <li>
                   1778:     <p>Return the HTTP status text.
                   1779:   </ol>
1.205     avankest 1780: 
1.250     avankest 1781:   <h4 id=the-getresponseheader-method><span class=secno>3.7.3. </span>The
1.205     avankest 1782:    <code title="">getResponseHeader()</code> method</h4>
                   1783: 
1.283     avankest 1784:   <dl class=domintro>
                   1785:    <dt><var title="">client</var> . <a
                   1786:     href="#dom-xmlhttprequest-getresponseheader"><code
                   1787:     title=dom-XMLHttpRequest-getResponseHeader>getResponseHeader(<var
                   1788:     title="">header</var>)</code></a>
                   1789: 
                   1790:    <dd>
                   1791:     <p>Returns the header field value from the response of which the field
                   1792:      name matches <var title="">header</var>, unless the field name is
                   1793:      <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
                   1794:   </dl>
                   1795: 
1.275     avankest 1796:   <p>When the <dfn id=dom-xmlhttprequest-getresponseheader
1.283     avankest 1797:    title=dom-XMLHttpRequest-getResponseHeader><code>getResponseHeader(<var
                   1798:    title="">header</var>)</code></dfn> is invoked, the user agent <em
                   1799:    class=ct>must</em> run these steps:
1.205     avankest 1800: 
                   1801:   <ol>
                   1802:    <li>
1.277     avankest 1803:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1804:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1805:      href="#dom-xmlhttprequest-opened"
                   1806:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return null and terminate
                   1807:      these steps.
1.205     avankest 1808: 
                   1809:    <li>
1.241     avankest 1810:     <p>If the <a href="#error-flag">error flag</a> is true return null and
                   1811:      terminate these steps.
1.205     avankest 1812: 
                   1813:    <li>
1.258     avankest 1814:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
                   1815:      SMALL LETTER Y WITH DIAERESIS return null and terminate these steps.
                   1816: 
                   1817:    <li>
1.260     avankest 1818:     <p>Let <var>header</var> be the result of <span title="deflate a
                   1819:      DOMString into an byte sequence">deflating</span> <var>header</var>.
1.258     avankest 1820:    </li>
                   1821:    <!-- This sounds lame, but it works. -->
1.205     avankest 1822: 
                   1823:    <li>
1.258     avankest 1824:     <p>If <var>header</var> is a case-insensitive match for
                   1825:      <code>Set-Cookie</code> or <code>Set-Cookie2</code> return null and
1.205     avankest 1826:      terminate these steps.
                   1827: 
                   1828:    <li>
1.258     avankest 1829:     <p>If <var>header</var> is a case-insensitive match for multiple HTTP
1.260     avankest 1830:      response headers, return the <span title="inflate an byte sequence into
                   1831:      a DOMString">inflated</span> values of these headers as a single
                   1832:      concatenated string separated from each other by a U+002C COMMA U+0020
                   1833:      SPACE character pair and terminate these steps.
1.258     avankest 1834: 
                   1835:    <li>
                   1836:     <p>If <var>header</var> is a case-insensitive match for a single HTTP
1.260     avankest 1837:      response header, return the <span title="inflate an byte sequence into a
                   1838:      DOMString">inflated</span> value of that header and terminate these
                   1839:      steps.
1.205     avankest 1840: 
                   1841:    <li>
1.241     avankest 1842:     <p>Return null.
1.205     avankest 1843:   </ol>
                   1844: 
                   1845:   <div class=example>
1.252     avankest 1846:    <p>For the following script:</p>
                   1847: 
                   1848:    <pre><code>var client = new XMLHttpRequest();
                   1849: client.open("GET", "unicorns-are-teh-awesome.txt", true);
1.6       avankest 1850: client.send();
1.16      avankest 1851: client.onreadystatechange = function() {
1.252     avankest 1852:   if(this.readyState == 2) {
                   1853:     print(client.getResponseHeader("Content-Type"));
                   1854:   }
                   1855: }</code></pre>
                   1856: 
                   1857:    <p>The <code>print()</code> function will get to process something like:</p>
1.1       avankest 1858: 
1.252     avankest 1859:    <pre><code>text/plain; charset=UTF-8</code></pre>
1.205     avankest 1860:   </div>
                   1861: 
1.250     avankest 1862:   <h4 id=the-getallresponseheaders-method><span class=secno>3.7.4. </span>The
1.205     avankest 1863:    <code title="">getAllResponseHeaders()</code> method</h4>
1.2       avankest 1864: 
1.283     avankest 1865:   <dl class=domintro>
                   1866:    <dt><var title="">client</var> . <code
                   1867:     title=dom-XMLHttpRequest-getAllResponseHeaders>getAllResponseHeaders()</code>
                   1868: 
                   1869:    <dd>
                   1870:     <p>Returns all headers from the response, with the exception of those
                   1871:      whose field name is <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
                   1872:   </dl>
                   1873: 
1.205     avankest 1874:   <p>When the <dfn
1.275     avankest 1875:    id=dom-xmlhttprequest-getallresponseheaders><code>getAllResponseHeaders()</code></dfn>
                   1876:    method is invoked, the user agent <em class=ct>must</em> run the following
                   1877:    steps:
1.6       avankest 1878: 
1.205     avankest 1879:   <ol>
                   1880:    <li>
1.277     avankest 1881:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1882:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1883:      href="#dom-xmlhttprequest-opened"
                   1884:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return the empty string and
                   1885:      terminate these steps.
1.205     avankest 1886: 
                   1887:    <li>
                   1888:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1889:      string and terminate these steps.
                   1890: 
                   1891:    <li>
1.258     avankest 1892:     <p>Return all the HTTP headers, excluding headers that are a
                   1893:      case-insensitive match for <code>Set-Cookie</code> or
1.260     avankest 1894:      <code>Set-Cookie2</code>, <span title="inflate an byte sequence into a
                   1895:      DOMString">inflated</span>, as a single string, with each header line
                   1896:      separated by a U+000D CR U+000A LF pair, excluding the status line, and
                   1897:      with each header name and header value separated by a U+003A COLON
                   1898:      U+0020 SPACE pair.
1.205     avankest 1899:   </ol>
                   1900: 
                   1901:   <div class=example>
1.252     avankest 1902:    <p>For the following script:</p>
                   1903: 
                   1904:    <pre><code>var client = new XMLHttpRequest();
                   1905: client.open("GET", "narwhals-too.txt", true);
1.205     avankest 1906: client.send();
                   1907: client.onreadystatechange = function() {
                   1908:  if(this.readyState == 2) {
                   1909:   print(this.getAllResponseHeaders());
                   1910:  }
1.252     avankest 1911: }</code></pre>
                   1912: 
                   1913:    <p>The <code>print()</code> function will get to process something like:</p>
1.205     avankest 1914: 
1.252     avankest 1915:    <pre><code>Date: Sun, 24 Oct 2004 04:58:38 GMT
1.205     avankest 1916: Server: Apache/1.3.31 (Unix)
                   1917: Keep-Alive: timeout=15, max=99
                   1918: Connection: Keep-Alive
                   1919: Transfer-Encoding: chunked
                   1920: Content-Type: text/plain; charset=utf-8</code></pre>
                   1921:   </div>
                   1922: 
1.250     avankest 1923:   <h4 id=response-entity-body0><span class=secno>3.7.5. </span>Response
1.248     avankest 1924:    Entity Body</h4>
1.250     avankest 1925: 
                   1926:   <p>The <dfn id=response-mime-type>response MIME type</dfn> is the MIME type
                   1927:    the <code>Content-Type</code> header contains without any parameters or
                   1928:    null if the header could not be parsed properly or was omitted. The <dfn
                   1929:    id=override-mime-type>override MIME type</dfn> is always null. <dfn
                   1930:    id=final-mime-type>Final MIME type</dfn> is the override MIME type unless
                   1931:    that is null in which case it is the response MIME type.
                   1932: 
                   1933:   <p>The <dfn id=response-charset>response charset</dfn> is the value of the
                   1934:    <code>charset</code> parameter of the <code>Content-Type</code> header or
                   1935:    null if there was no <code>charset</code> parameter or if the header could
                   1936:    not be parsed properly or was omitted. The <dfn
                   1937:    id=override-charset>override charset</dfn> is always null. <dfn
                   1938:    id=final-charset>Final charset</dfn> is the override charset unless that
                   1939:    is null in which case it is the response charset.
                   1940: 
                   1941:   <p class=note><a href="#override-mime-type">Override MIME type</a> and <a
                   1942:    href="#override-charset">override charset</a> are introduced here solely
                   1943:    to make editing several levels of XMLHttpRequest simultaneously somewhat
                   1944:    easier. Apologies for any confusion they might cause.
                   1945: 
                   1946:   <hr>
1.205     avankest 1947: 
                   1948:   <p>The <dfn id=response-entity-body>response entity body</dfn> is the
1.257     avankest 1949:    fragment of the <a href="#entity-body">entity body</a> of the response
1.277     avankest 1950:    received so far (<a href="#dom-xmlhttprequest-loading"
                   1951:    title=dom-XMLHttpRequest-LOADING>LOADING</a>) or the complete entity body
                   1952:    of the response (<a href="#dom-xmlhttprequest-done"
                   1953:    title=dom-XMLHttpRequest-DONE>DONE</a>). If the response does not have an
                   1954:    entity body the response entity body is null.
1.257     avankest 1955: 
                   1956:   <p class=note>The <a href="#response-entity-body">response entity body</a>
1.276     avankest 1957:    is updated as part of the <a href="#dom-xmlhttprequest-send"><code
                   1958:    title=dom-XMLHttpRequest-send>send()</code></a> algorithm.
1.205     avankest 1959: 
                   1960:   <hr>
                   1961: 
                   1962:   <p>The <dfn id=text-response-entity-body>text response entity body</dfn> is
                   1963:    a <code>DOMString</code> representing the <a
1.250     avankest 1964:    href="#response-entity-body">response entity body</a>. The text response
                   1965:    entity body is the return value of the following algorithm:
1.205     avankest 1966: 
                   1967:   <ol>
                   1968:    <li>
1.250     avankest 1969:     <p>If the response entity body is null return the empty string and
                   1970:      terminate these steps.</p>
                   1971: 
                   1972:    <li>
                   1973:     <p>Let <var>charset</var> be the <a href="#final-charset">final
                   1974:      charset</a>.
1.205     avankest 1975: 
                   1976:    <li>
1.250     avankest 1977:     <p>Let <var>mime</var> be the <a href="#final-mime-type">final MIME
                   1978:      type</a>.
1.205     avankest 1979: 
                   1980:    <li>
1.250     avankest 1981:     <p>If <var>charset</var> is null and <var>mime</var> is null,
1.205     avankest 1982:      <code>text/xml</code>, <code>application/xml</code> or ends in <code
1.250     avankest 1983:      title="">+xml</code> use the rules set forth in the XML specifications
                   1984:      to determine the character encoding. Let <var>charset</var> be the
                   1985:      determined character encoding.
1.205     avankest 1986: 
                   1987:    <li>
1.250     avankest 1988:     <p>If <var>charset</var> is null and <var>mime</var> is
                   1989:      <code>text/html</code> follow the rules set forth in the HTML
                   1990:      specification to determine the character encoding. Let
1.205     avankest 1991:      <var>charset</var> be the determined character encoding. [<cite><a
                   1992:      href="#ref-html5">HTML5</a></cite>]
                   1993: 
                   1994:    <li>
                   1995:     <p>If <var>charset</var> is null then, for each of the rows in the
                   1996:      following table, starting with the first one and going down, if the
                   1997:      first bytes of <var>bytes</var> match the bytes given in the first
                   1998:      column, then let <var>charset</var> be the encoding given in the cell in
                   1999:      the second column of that row. If there is no match <var>charset</var>
                   2000:      remains null.</p>
                   2001: 
                   2002:     <table>
                   2003:      <thead>
                   2004:       <tr>
                   2005:        <th>Bytes in Hexadecimal
                   2006: 
                   2007:        <th>Description
                   2008: 
1.239     avankest 2009:      <tbody>
1.205     avankest 2010:       <tr>
                   2011:        <td>FE FF
                   2012: 
                   2013:        <td>UTF-16BE BOM
                   2014: 
                   2015:       <tr>
                   2016:        <td>FF FE
                   2017: 
                   2018:        <td>UTF-16LE BOM
                   2019: 
                   2020:       <tr>
                   2021:        <td>EF BB BF
                   2022: 
1.239     avankest 2023:        <td>UTF-8 BOM
1.205     avankest 2024:     </table>
                   2025: 
                   2026:    <li>
                   2027:     <p>If <var>charset</var> is null let <var>charset</var> be UTF-8.
                   2028: 
                   2029:    <li>
                   2030:     <p>Return the result of decoding the response entity body using
                   2031:      <var>charset</var>. Replace bytes or sequences of bytes that are not
1.250     avankest 2032:      valid accordng to the <var>charset</var> with a single U+FFFD
1.205     avankest 2033:      REPLACEMENT CHARACTER character.
                   2034:   </ol>
                   2035: 
                   2036:   <p class=note>Authors are strongly encouraged to encode their resources
                   2037:    using UTF-8.
                   2038: 
                   2039:   <hr>
                   2040: 
1.250     avankest 2041:   <p>The <dfn id=document-response-entity-body>document response entity
                   2042:    body</dfn> is either a <code>Document</code> representing the <a
                   2043:    href="#response-entity-body">response entity body</a> or null. The
                   2044:    document response entity body is the return value of the following
                   2045:    algorithm:
1.89      avankest 2046: 
1.205     avankest 2047:   <ol>
                   2048:    <li>
                   2049:     <p>If the <a href="#response-entity-body">response entity body</a> is
1.241     avankest 2050:      null terminate these steps and return null.
1.6       avankest 2051: 
1.205     avankest 2052:    <li>
1.250     avankest 2053:     <p>If <a href="#final-mime-type">final MIME type</a> is not null,
                   2054:      <code>text/xml</code>, <code>application/xml</code>, and does not end in
                   2055:      <code title="">+xml</code> terminate these steps and return null.
1.12      avankest 2056: 
1.205     avankest 2057:    <li>
1.268     avankest 2058:     <p>Let <var>document</var> be a <a
                   2059:      href="#cookie-free-document-object">cookie-free <code>Document</code>
                   2060:      object</a> that represents the result of parsing the response entity
                   2061:      body into a document tree following the rules from the XML
                   2062:      specifications. If this fails (unsupported character encoding, namespace
                   2063:      well-formedness error et cetera) terminate these steps return null.
                   2064:      [<cite><a href="#ref-xml">XML</a></cite>]</p>
1.6       avankest 2065: 
1.205     avankest 2066:     <p class=note>Scripts in the resulting document tree will not be
                   2067:      executed, resources referenced will not be loaded and no associated XSLT
                   2068:      will be applied.</p>
1.76      avankest 2069: 
1.205     avankest 2070:    <li>
1.250     avankest 2071:     <p>Return <var>document</var>.
1.205     avankest 2072:   </ol>
1.76      avankest 2073: 
1.250     avankest 2074:   <h4 id=the-responsetext-attribute><span class=secno>3.7.6. </span>The <code
1.205     avankest 2075:    title="">responseText</code> attribute</h4>
1.12      avankest 2076: 
1.281     avankest 2077:   <dl class=domintro>
                   2078:    <dt><var title="">client</var> . <a
                   2079:     href="#dom-xmlhttprequest-responsetext"><code
                   2080:     title=dom-XMLHttpRequest-responseText>responseText</code></a>
                   2081: 
                   2082:    <dd>
                   2083:     <p>Returns the <a href="#text-response-entity-body">text response entity
                   2084:      body</a>.
                   2085:   </dl>
                   2086: 
                   2087:   <p>The <dfn id=dom-xmlhttprequest-responsetext
                   2088:    title=dom-XMLHttpRequest-responseText><code>responseText</code></dfn>
1.275     avankest 2089:    attribute <em class=ct>must</em> return the result of running these steps:
1.6       avankest 2090: 
1.205     avankest 2091:   <ol>
                   2092:    <li>
1.277     avankest 2093:     <p>If the state is not <a href="#dom-xmlhttprequest-loading"
                   2094:      title=dom-XMLHttpRequest-LOADING>LOADING</a> or <a
                   2095:      href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
1.205     avankest 2096:      return the empty string and terminate these steps.
1.12      avankest 2097: 
1.205     avankest 2098:    <li>
                   2099:     <p>Return the <a href="#text-response-entity-body">text response entity
                   2100:      body</a>.
                   2101:   </ol>
1.2       avankest 2102: 
1.250     avankest 2103:   <h4 id=the-responsexml-attribute><span class=secno>3.7.7. </span>The <code
1.205     avankest 2104:    title="">responseXML</code> attribute</h4>
1.2       avankest 2105: 
1.281     avankest 2106:   <dl class=domintro>
                   2107:    <dt><var title="">client</var> . <a
                   2108:     href="#dom-xmlhttprequest-responsexml"><code
                   2109:     title=dom-XMLHttpRequest-responseXML>responseXML</code></a>
                   2110: 
                   2111:    <dd>
                   2112:     <p>Returns the <a href="#document-response-entity-body">document response
                   2113:      entity body</a>.
                   2114:   </dl>
                   2115: 
                   2116:   <p>The <dfn id=dom-xmlhttprequest-responsexml
                   2117:    title=dom-XMLHttpRequest-responseXML><code>responseXML</code></dfn>
                   2118:    attribute <em class=ct>must</em> return the result of running these steps:
1.2       avankest 2119: 
1.205     avankest 2120:   <ol>
                   2121:    <li>
1.277     avankest 2122:     <p>If the state is not <a href="#dom-xmlhttprequest-done"
                   2123:      title=dom-XMLHttpRequest-DONE>DONE</a> return null and terminate these
                   2124:      steps.
1.2       avankest 2125: 
1.205     avankest 2126:    <li>
1.250     avankest 2127:     <p>Return the <a href="#document-response-entity-body">document response
                   2128:      entity body</a>.
1.205     avankest 2129:   </ol>
1.2       avankest 2130: 
1.250     avankest 2131:   <h2 id=exceptions><span class=secno>4. </span>Exceptions</h2>
1.33      avankest 2132: 
1.139     avankest 2133:   <p>Several algorithms in this specification may result in an exception
                   2134:    being thrown. These exceptions are all part of the group
1.186     avankest 2135:    <code>ExceptionCode</code> and use the <code>DOMException</code> object,
1.139     avankest 2136:    which is defined in DOM Level 3 Core. In addition this specification
                   2137:    extends the <code>ExceptionCode</code> group with several new constants as
1.146     avankest 2138:    indicated below. [<cite><a href="#ref-dom3core">DOM3Core</a></cite>]
1.139     avankest 2139: 
1.194     avankest 2140:   <p class=note>Thus, exceptions used by this specification and not defined
                   2141:    in this section are defined by DOM Level 3 Core.
                   2142: 
1.34      avankest 2143:   <pre
1.139     avankest 2144:    class=idl>const unsigned short <a href="#security-err">SECURITY_ERR</a> = 18;
1.200     avankest 2145: const unsigned short <a href="#network-err">NETWORK_ERR</a> = 19;
                   2146: const unsigned short <a href="#abort-err">ABORT_ERR</a> = 20;</pre>
1.33      avankest 2147: 
1.139     avankest 2148:   <p>The <dfn id=security-err><code>SECURITY_ERR</code></dfn> exception is
                   2149:    raised if an attempt is made to perform an operation or access some data
                   2150:    in a way that would be a security risk or a violation of the user agent's
                   2151:    security policy.</p>
                   2152:   <!-- http://lists.w3.org/Archives/Public/public-webapi/2006May/0027.html -->
                   2153: 
1.35      avankest 2154:   <p>The <dfn id=network-err><code>NETWORK_ERR</code></dfn> exception is
1.139     avankest 2155:    raised when a network error occurs in synchronous requests.
1.122     avankest 2156: 
1.139     avankest 2157:   <p>The <dfn id=abort-err><code>ABORT_ERR</code></dfn> exception is raised
1.122     avankest 2158:    when the user aborts a request in synchronous requests.
                   2159: 
1.242     avankest 2160:   <p class=note>These exceptions will be folded into an update of DOM Level 3
                   2161:    Core in due course, as they are appropriate for other API specifications
1.200     avankest 2162:    as well.
                   2163: 
1.250     avankest 2164:   <h2 class=no-num id=references>References</h2>
1.2       avankest 2165: 
1.178     avankest 2166:   <p>Unless marked "Non-normative" these references are normative.
                   2167: 
1.7       avankest 2168:   <dl>
1.232     avankest 2169:    <dt>[<dfn id=ref-cookies>COOKIES</dfn>]
1.205     avankest 2170: 
1.273     avankest 2171:    <dd><cite><a
                   2172:     href="http://tools.ietf.org/html/draft-ietf-httpstate-cookie">HTTP State
                   2173:     Management Mechanism</a></cite> (work in progress), A. Barth. IETF.
1.205     avankest 2174: 
1.156     avankest 2175:    <dt>[<dfn id=ref-dom2events>DOM2Events</dfn>]
                   2176: 
                   2177:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-2-Events/">Document
1.272     avankest 2178:     Object Model (DOM) Level 2 Events Specification</a></cite>, T. Pixley.
                   2179:     W3C.
1.156     avankest 2180: 
1.146     avankest 2181:    <dt>[<dfn id=ref-dom3core>DOM3Core</dfn>]
1.2       avankest 2182: 
1.15      avankest 2183:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core">Document Object
                   2184:     Model (DOM) Level 3 Core Specification</a></cite>, A. Le Hors, P. Le
1.272     avankest 2185:     H&eacute;garet, L. Wood, G. Nicol, J. Robie, M. Champion, S. Byrne. W3C.
1.2       avankest 2186: 
1.39      avankest 2187:    <dt>[<dfn id=ref-ecmascript>ECMAScript</dfn>]
1.18      avankest 2188: 
                   2189:    <dd><cite><a
                   2190:     href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript
1.272     avankest 2191:     Language Specification</a></cite>. ECMA.
1.18      avankest 2192: 
1.146     avankest 2193:    <dt>[<dfn id=ref-html5>HTML5</dfn>]
1.143     avankest 2194: 
1.252     avankest 2195:    <dd><cite><a href="http://www.w3.org/html/wg/html5/">HTML5</a></cite>
1.272     avankest 2196:     (work in progress), I. Hickson. W3C.
1.172     avankest 2197: 
                   2198:    <dd><cite><a
1.252     avankest 2199:     href="http://www.whatwg.org/specs/html5/current-work/">HTML5</a></cite>
1.272     avankest 2200:     (work in progress), I. Hickson. WHATWG.
1.18      avankest 2201: 
1.199     avankest 2202:    <dt>[<dfn id=ref-httpverbsec>HTTPVERBSEC</dfn>]
                   2203: 
                   2204:    <dd>(Non-normative) <cite><a
                   2205:     href="http://www.kb.cert.org/vuls/id/867593">Multiple vendors' web
                   2206:     servers enable HTTP TRACE method by default</a></cite>, US-CERT.
                   2207: 
                   2208:    <dd>(Non-normative) <cite><a
                   2209:     href="http://www.kb.cert.org/vuls/id/288308">Microsoft Internet
                   2210:     Information Server (IIS) vulnerable to cross-site scripting via HTTP
                   2211:     TRACK method</a></cite>, US-CERT.
                   2212: 
                   2213:    <dd>(Non-normative) <cite><a
                   2214:     href="http://www.kb.cert.org/vuls/id/150227">HTTP proxy default
                   2215:     configurations allow arbitrary TCP connections</a></cite>, US-CERT.
                   2216: 
1.250     avankest 2217:    <dt>[<dfn id=ref-rfc2046>RFC2046</dfn>]
                   2218: 
                   2219:    <dd><cite><a href="http://ietf.org/rfc/rfc2046">Multipurpose Internet Mail
                   2220:     Extensions (MIME) Part Two: Media Types</a></cite>, N. Freed, N.
1.272     avankest 2221:     Borenstein. IETF.
1.250     avankest 2222: 
1.146     avankest 2223:    <dt>[<dfn id=ref-rfc2119>RFC2119</dfn>]
1.15      avankest 2224: 
1.118     avankest 2225:    <dd><cite><a href="http://ietf.org/rfc/rfc2119">Key words for use in RFCs
1.272     avankest 2226:     to Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
1.15      avankest 2227: 
1.250     avankest 2228:    <dt>[<dfn id=rfc-rfc2616>RFC2616</dfn>]
1.15      avankest 2229: 
                   2230:    <dd><cite><a href="http://ietf.org/rfc/rfc2616">Hypertext Transfer
                   2231:     Protocol -- HTTP/1.1</a></cite>, R. Fielding, J. Gettys, J. Mogul, H.
1.272     avankest 2232:     Frystyk, L. Masinter, P. Leach, T. Berners-Lee. IETF.
1.15      avankest 2233: 
1.39      avankest 2234:    <dt>[<dfn id=ref-rfc2617>RFC2617</dfn>]
1.15      avankest 2235: 
                   2236:    <dd><cite><a href="http://ietf.org/rfc/rfc2617">HTTP Authentication: Basic
1.93      avankest 2237:     and Digest Access Authentication</a></cite>, P. Hallam-Baker, J.
1.272     avankest 2238:     Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart. IETF.
1.2       avankest 2239: 
1.39      avankest 2240:    <dt>[<dfn id=ref-rfc3986>RFC3986</dfn>]
1.2       avankest 2241: 
1.15      avankest 2242:    <dd><cite><a href="http://ietf.org/rfc/rfc3986">Uniform Resource
                   2243:     Identifier (URI): Generic Syntax</a></cite>, T. Berners-Lee, R. Fielding,
1.272     avankest 2244:     L. Masinter. IETF.
1.188     avankest 2245: 
1.250     avankest 2246:    <dt>[<dfn id=ref-rfc3987>RFC3987</dfn>]
                   2247: 
                   2248:    <dd><cite><a href="http://ietf.org/rfc/rfc3987">Internationalized Resource
1.272     avankest 2249:     Identifiers (IRIs)</a></cite>, M. Duerst, M. Suignard. IETF.
1.250     avankest 2250: 
1.205     avankest 2251:    <dt>[<dfn id=ref-webidl>WebIDL</dfn>]
1.182     avankest 2252: 
1.201     avankest 2253:    <dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web
1.272     avankest 2254:     IDL</a></cite> (work in progress), C. McCormack. W3C.</dd>
1.252     avankest 2255:    <!-- XXX add Sam -->
1.182     avankest 2256: 
1.43      avankest 2257:    <dt>[<dfn id=ref-xml>XML</dfn>]
                   2258: 
                   2259:    <dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language
1.272     avankest 2260:     (XML) 1.0</a></cite>, T. Bray, J. Paoli, C. Sperberg-McQueen, E. Maler,
                   2261:     F. Yergeau. W3C.
1.43      avankest 2262: 
1.272     avankest 2263:    <dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in
                   2264:     XML</a></cite>, T. Bray, D. Hollander, A. Layman, R. Tobin, H. S.
                   2265:     Thompson. W3C.
1.2       avankest 2266:   </dl>
                   2267: 
1.131     avankest 2268:   <h2 class=no-num id=acknowledgments>Acknowledgments</h2>
1.2       avankest 2269: 
1.164     avankest 2270:   <p>The editor would like to thank Addison Phillips, Ahmed Kamel, Alex
                   2271:    Hopmann, Alex Vincent, Alexey Proskuryakov, Asbj&oslash;rn Ulsberg, Boris
                   2272:    Zbarsky, Bj&ouml;rn H&ouml;hrmann, Cameron McCormack, Christophe Jolif,
1.250     avankest 2273:    Charles McCathieNevile, Dan Winship, David Andersson, David
                   2274:    H&aring;s&auml;ther, David Levin, Dean Jackson, Denis Sureau, Doug
                   2275:    Schepers, Douglas Livingstone, Elliotte Harold, Eric Lawrence, Erik
                   2276:    Dahlstr&ouml;m, Geoffrey Sneddon, Gideon Cohn, Gorm Haug Eriksen,
                   2277:    H&aring;kon Wium Lie, Hallvord R. M. Steen, Huub Schaeks, Ian Davis, Ian
                   2278:    Hickson, Ivan Herman, Jeff Walden, Jens Lindstr&ouml;m, Jim Deegan, Jim
                   2279:    Ley, Joe Farro, Jonas Sicking, Julian Reschke, Karl Dubost, Lachlan Hunt,
                   2280:    Maciej Stachowiak, Magnus Kristiansen, Marc Hadley, Marcos Caceres, Mark
1.272     avankest 2281:    Baker, Mark Birbeck, Mark Nottingham, Mark S. Miller, Martin Hassman,
                   2282:    Mohamed Zergaoui, Olli Pettay, Pawel Glowacki, Peter Michaux, Philip
                   2283:    Taylor, Robin Berjon, Rune Halvorsen, Ruud Steltenpool, Simon Pieters,
                   2284:    Stewart Brodie, Sunava Dutta, Thomas Roessler, Tom Magliery, and Zhenbin
                   2285:    Xu for their contributions to this specification.
1.2       avankest 2286: 
                   2287:   <p>Special thanks to the Microsoft employees who first implemented the
1.144     avankest 2288:    <code title="">XMLHttpRequest</code> interface, which was first widely
                   2289:    deployed by the Windows Internet Explorer browser.
1.2       avankest 2290: 
1.56      avankest 2291:   <p>Special thanks also to the WHATWG for drafting an initial version of
1.131     avankest 2292:    this specification in their Web Applications 1.0 document (now renamed to
1.252     avankest 2293:    HTML5). [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2       avankest 2294: 
                   2295:   <p>Thanks also to all those who have helped to improve this specification
                   2296:    by sending suggestions and corrections. (Please, keep bugging us with your
                   2297:    issues!)

Webmaster