Annotation of 2006/webapi/XMLHttpRequest/Overview.html, revision 1.299

1.1       avankest    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
1.2       avankest    2: 
1.25      avankest    3: <html lang=en-US>
1.1       avankest    4:  <head>
1.209     avankest    5:   <title>XMLHttpRequest</title>
1.2       avankest    6: 
1.20      avankest    7:   <style type="text/css">
1.118     avankest    8:    pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
1.20      avankest    9:    pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
1.60      avankest   10:    pre code { color:inherit; background:transparent }
1.20      avankest   11:    div.example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
1.90      avankest   12:    .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
1.20      avankest   13:    p.note::before { content:"Note: " }
1.205     avankest   14:    .XXX { padding:.5em; border:solid #f00 }
                     15:    p.XXX::before { content:"Issue: " }
1.120     avankest   16:    dl.switch { padding-left:2em }
1.250     avankest   17:    dl.switch > dt { text-indent:-1.5em }
                     18:    dl.switch > dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
1.274     avankest   19:    dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; }
                     20:    dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; }
                     21:    dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; }
                     22:    dl.domintro dd p { margin: 0.5em 0; }
                     23:    dl.domintro:before { display: table; margin: -1em -0.5em -0.5em auto; width: auto; content: 'This box is non-normative. Implementation requirements are given below this box.'; color: red; border: solid 2px; background: white; padding: 0 0.25em; }
1.232     avankest   24:    em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
                     25:    dfn { font-weight:bold; font-style:normal }
                     26:    code { color:orangered }
                     27:    code :link, code :visited { color:inherit }
                     28:    hr:not(.top) { display:block; background:none; border:none; padding:0; margin:2em 0; height:auto }
                     29:    table { border-collapse:collapse; border-style:hidden hidden none hidden }
                     30:    table thead { border-bottom:solid }
                     31:    table tbody th:first-child { border-left:solid }
                     32:    table td, table th { border-left:solid; border-right:solid; border-bottom:solid thin; vertical-align:top; padding:0.2em }
                     33:   </style>
1.296     avankest   34:   <link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel=stylesheet>
1.2       avankest   35: 
1.1       avankest   36:  <body>
1.25      avankest   37:   <div class=head>
                     38:    <p><a href="http://www.w3.org/"><img alt=W3C height=48
                     39:     src="http://www.w3.org/Icons/w3c_home" width=72></a></p>
1.2       avankest   40: 
1.231     avankest   41:    <h1 class=head id=the-xmlhttprequest-object>XMLHttpRequest</h1>
1.2       avankest   42: 
1.299   ! avankest   43:    <h2 class="no-num no-toc" id=w3c-doctype>Editor's Draft 5 August 2010</h2>
1.2       avankest   44: 
1.1       avankest   45:    <dl>
1.154     avankest   46:     <dt>This Version:
1.2       avankest   47: 
                     48:     <dd><a
1.299   ! avankest   49:      href="http://www.w3.org/TR/2010/ED-XMLHttpRequest-20100805/">http://www.w3.org/TR/2010/ED-XMLHttpRequest-20100805/</a>
1.2       avankest   50: 
1.14      avankest   51:     <dt>Latest Version:
1.2       avankest   52: 
                     53:     <dd><a
                     54:      href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a>
                     55: 
1.190     avankest   56:     <dt>Latest Editor Version:
                     57: 
                     58:     <dd><a
                     59:      href="http://dev.w3.org/2006/webapi/XMLHttpRequest/">http://dev.w3.org/2006/webapi/XMLHttpRequest/</a>
                     60: 
1.14      avankest   61:     <dt>Previous Versions:
1.2       avankest   62: 
                     63:     <dd><a
1.296     avankest   64:      href="http://www.w3.org/TR/2010/CR-XMLHttpRequest-20100803/">http://www.w3.org/TR/2010/CR-XMLHttpRequest-20100803/</a>
                     65: 
                     66:     <dd><a
1.293     avankest   67:      href="http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/">http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/</a>
                     68: 
                     69:     <dd><a
1.233     avankest   70:      href="http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/">http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/</a>
                     71: 
                     72:     <dd><a
1.174     avankest   73:      href="http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/">http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/</a>
                     74: 
                     75:     <dd><a
1.155     avankest   76:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
                     77: 
                     78:     <dd><a
1.134     avankest   79:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
                     80: 
                     81:     <dd><a
1.60      avankest   82:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
                     83: 
                     84:     <dd><a
1.25      avankest   85:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
                     86: 
                     87:     <dd><a
1.2       avankest   88:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
                     89: 
                     90:     <dd><a
                     91:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
                     92: 
                     93:     <dt>Editor:
                     94: 
                     95:     <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a> (<a
                     96:      href="http://www.opera.com/">Opera Software ASA</a>) &lt;<a
                     97:      href="mailto:annevk@opera.com">annevk@opera.com</a>&gt;
1.1       avankest   98:    </dl>
1.2       avankest   99: 
1.25      avankest  100:    <p class=copyright><a
1.2       avankest  101:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
1.231     avankest  102:     &copy; 2009 <a href="http://www.w3.org/"><acronym title="World Wide Web
1.53      avankest  103:     Consortium">W3C</acronym></a><sup>&reg;</sup> (<a
                    104:     href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute
                    105:     of Technology">MIT</acronym></a>, <a
                    106:     href="http://www.ercim.org/"><acronym title="European Research Consortium
                    107:     for Informatics and Mathematics">ERCIM</acronym></a>, <a
1.2       avankest  108:     href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
                    109:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
                    110:     <a
                    111:     href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
                    112:     and <a
                    113:     href="http://www.w3.org/Consortium/Legal/copyright-documents">document
                    114:     use</a> rules apply.</p>
1.1       avankest  115:   </div>
1.2       avankest  116: 
                    117:   <hr>
                    118: 
1.25      avankest  119:   <h2 class="no-num no-toc" id=specabstract>Abstract</h2>
1.2       avankest  120: 
1.231     avankest  121:   <p>The XMLHttpRequest specification defines an API that provides scripted
                    122:    client functionality for transferring data between a client and a server.
1.25      avankest  123: 
                    124:   <h2 class="no-num no-toc" id=sotd>Status of this Document</h2>
1.2       avankest  125: 
                    126:   <p><em>This section describes the status of this document at the time of
                    127:    its publication. Other documents may supersede this document. A list of
                    128:    current W3C publications and the latest revision of this technical report
                    129:    can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
1.173     avankest  130:    index</a> at http://www.w3.org/TR/.</em>
1.2       avankest  131: 
1.299   ! avankest  132:   <p>This is the 5 August 2010 <!--Last Call Working Draft-->Editor's Draft
1.296     avankest  133:    of XMLHttpRequest. Please send comments to <a
1.250     avankest  134:    href="mailto:public-webapps@w3.org?subject=[XHR]%20">public-webapps@w3.org</a>
                    135:    (<a
1.209     avankest  136:    href="http://lists.w3.org/Archives/Public/public-webapps/">archived</a>)
1.250     avankest  137:    with <samp>[XHR]</samp> at the start of the subject line.
1.49      avankest  138: 
1.292     avankest  139:   <p>For the last Last Call Working Draft the Working Group has kept a <a
                    140:    href="http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-3">disposition
1.295     avankest  141:    of comments</a> document. A <a
                    142:    href="http://dev.w3.org/cvsweb/2006/webapi/XMLHttpRequest/Overview.src.html">list
                    143:    of changes</a> is available via a Web view of CVS. (Due to the way the
                    144:    document is edited certain commit messages have introduced negligible
                    145:    changes to this document and are in fact only relevant for XMLHttpRequest
                    146:    Level 2.)
1.292     avankest  147: 
1.49      avankest  148:   <p>This document is produced by the <a
1.209     avankest  149:    href="http://www.w3.org/2008/webapps/">Web Applications</a> (WebApps)
1.250     avankest  150:    Working Group. The WebApps Working Group is part of the <a
1.209     avankest  151:    href="http://www.w3.org/2006/rwc/Activity">Rich Web Clients Activity</a>
                    152:    in the W3C <a href="http://www.w3.org/Interaction/">Interaction
1.250     avankest  153:    Domain</a>.
1.2       avankest  154: 
                    155:   <p>This document was produced by a group operating under the <a
                    156:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
1.54      avankest  157:    2004 W3C Patent Policy</a>. W3C maintains a <a
1.209     avankest  158:    href="http://www.w3.org/2004/01/pp-impl/42538/status"
1.25      avankest  159:    rel=disclosure>public list of any patent disclosures</a> made in
1.2       avankest  160:    connection with the deliverables of the group; that page also includes
                    161:    instructions for disclosing a patent. An individual who has actual
                    162:    knowledge of a patent which the individual believes contains <a
                    163:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
                    164:    Claim(s)</a> must disclose the information in accordance with <a
                    165:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
                    166:    6 of the W3C Patent Policy</a>.
                    167: 
1.296     avankest  168:   <p>Publication as a Working Draft does not imply endorsement by the W3C
                    169:    Membership. This is a draft document and may be updated, replaced or
                    170:    obsoleted by other documents at any time. It is inappropriate to cite this
                    171:    document as other than work in progress.
1.250     avankest  172: 
1.273     avankest  173:   <h3 class="no-num no-toc" id=crec>Candidate Recommendation Exit Criteria</h3>
                    174: 
                    175:   <p>To exit the Candidate Recommendation (CR) stage the following criteria
                    176:    <em class=ct>must</em> have been met:
                    177: 
                    178:   <ol>
                    179:    <li>There will be at least two interoperable implementations passing all
1.291     avankest  180:     test cases in the <a
                    181:     href="http://test.w3.org/webapps/tests/XMLHttpRequest/info.htm">test
                    182:     suite</a> for this specification. An implementation is to be available
                    183:     (i.e. for download), shipping (i.e. not private), and not experimental
                    184:     (i.e. intended for a wide audience). The working group will decide when
1.295     avankest  185:     the test suite is of sufficient quality to test interoperability and will
                    186:     produce implementation reports (hosted together with the test suite).
1.273     avankest  187: 
1.296     avankest  188:    <li>A minimum of six months of the CR stage will have elapsed. This is to
                    189:     ensure that enough time is given for any remaining major errors to be
                    190:     caught. The CR period will be extended if implementations are slow to
                    191:     appear.</li>
                    192:    <!-- XXX need to add date -->
1.287     avankest  193: 
1.288     avankest  194:    <li>Text, which can be in a separate document, exists that explains the
                    195:     security considerations for this specification. This may be done in a
                    196:     generic manner as they are most likely applicable to various APIs. The
                    197:     working group will decide whether the text is of sufficient quality.
1.273     avankest  198:   </ol>
                    199: 
1.25      avankest  200:   <h2 class="no-num no-toc" id=toc>Table of Contents</h2>
1.2       avankest  201:   <!--begin-toc-->
                    202: 
1.25      avankest  203:   <ul class=toc>
1.248     avankest  204:    <li><a href="#introduction"><span class=secno>1. </span>Introduction</a>
1.154     avankest  205: 
1.250     avankest  206:    <li><a href="#conformance"><span class=secno>2. </span>Conformance
                    207:     Criteria</a>
1.25      avankest  208:     <ul class=toc>
1.248     avankest  209:      <li><a href="#dependencies"><span class=secno>2.1.
1.154     avankest  210:       </span>Dependencies</a>
1.2       avankest  211: 
1.248     avankest  212:      <li><a href="#terminology"><span class=secno>2.2. </span>Terminology</a>
                    213:       
1.81      avankest  214: 
1.248     avankest  215:      <li><a href="#extensibility"><span class=secno>2.3.
1.154     avankest  216:       </span>Extensibility</a>
                    217:     </ul>
1.81      avankest  218: 
1.250     avankest  219:    <li><a href="#the-xmlhttprequest-interface"><span class=secno>3.
1.248     avankest  220:     </span>The <code title="">XMLHttpRequest</code> Interface</a>
1.25      avankest  221:     <ul class=toc>
1.250     avankest  222:      <li><a href="#origin-and-base-url"><span class=secno>3.1. </span>Origin
1.205     avankest  223:       and Base URL</a>
1.33      avankest  224: 
1.250     avankest  225:      <li><a href="#task-sources"><span class=secno>3.2. </span>Task
1.205     avankest  226:       Sources</a>
                    227: 
1.250     avankest  228:      <li><a href="#constructors"><span class=secno>3.3.
1.213     avankest  229:       </span>Constructors</a>
1.205     avankest  230: 
1.250     avankest  231:      <li><a href="#event-handler-attributes"><span class=secno>3.4.
1.207     avankest  232:       </span>Event Handler Attributes</a>
1.205     avankest  233: 
1.250     avankest  234:      <li><a href="#states"><span class=secno>3.5. </span>States</a>
1.205     avankest  235: 
1.250     avankest  236:      <li><a href="#request"><span class=secno>3.6. </span>Request</a>
1.205     avankest  237:       <ul class=toc>
1.250     avankest  238:        <li><a href="#the-open-method"><span class=secno>3.6.1. </span>The
1.205     avankest  239:         <code title="">open()</code> method</a>
                    240: 
1.250     avankest  241:        <li><a href="#the-setrequestheader-method"><span class=secno>3.6.2.
1.205     avankest  242:         </span>The <code title="">setRequestHeader()</code> method</a>
                    243: 
1.250     avankest  244:        <li><a href="#the-send-method"><span class=secno>3.6.3. </span>The
1.205     avankest  245:         <code title="">send()</code> method</a>
                    246: 
1.214     avankest  247:        <li><a href="#infrastructure-for-the-send-method"><span
1.250     avankest  248:         class=secno>3.6.4. </span>Infrastructure for the <code
1.214     avankest  249:         title="">send()</code> method</a>
                    250: 
1.250     avankest  251:        <li><a href="#the-abort-method"><span class=secno>3.6.5. </span>The
1.205     avankest  252:         <code title="">abort()</code> method</a>
                    253:       </ul>
                    254: 
1.250     avankest  255:      <li><a href="#response"><span class=secno>3.7. </span>Response</a>
1.205     avankest  256:       <ul class=toc>
1.250     avankest  257:        <li><a href="#the-status-attribute"><span class=secno>3.7.1.
1.248     avankest  258:         </span>The <code title="">status</code> attribute</a>
1.205     avankest  259: 
1.250     avankest  260:        <li><a href="#the-statustext-attribute"><span class=secno>3.7.2.
1.205     avankest  261:         </span>The <code title="">statusText</code> attribute</a>
                    262: 
1.250     avankest  263:        <li><a href="#the-getresponseheader-method"><span class=secno>3.7.3.
1.205     avankest  264:         </span>The <code title="">getResponseHeader()</code> method</a>
                    265: 
                    266:        <li><a href="#the-getallresponseheaders-method"><span
1.250     avankest  267:         class=secno>3.7.4. </span>The <code
1.205     avankest  268:         title="">getAllResponseHeaders()</code> method</a>
                    269: 
1.250     avankest  270:        <li><a href="#response-entity-body0"><span class=secno>3.7.5.
1.205     avankest  271:         </span>Response Entity Body</a>
                    272: 
1.250     avankest  273:        <li><a href="#the-responsetext-attribute"><span class=secno>3.7.6.
1.205     avankest  274:         </span>The <code title="">responseText</code> attribute</a>
                    275: 
1.250     avankest  276:        <li><a href="#the-responsexml-attribute"><span class=secno>3.7.7.
1.205     avankest  277:         </span>The <code title="">responseXML</code> attribute</a>
                    278:       </ul>
1.242     avankest  279:     </ul>
1.205     avankest  280: 
1.250     avankest  281:    <li><a href="#exceptions"><span class=secno>4. </span>Exceptions</a>
1.2       avankest  282: 
1.250     avankest  283:    <li class=no-num><a href="#references">References</a>
1.2       avankest  284: 
1.131     avankest  285:    <li class=no-num><a href="#acknowledgments">Acknowledgments</a>
1.2       avankest  286:   </ul>
                    287:   <!--end-toc-->
                    288: 
1.248     avankest  289:   <h2 id=introduction><span class=secno>1. </span>Introduction</h2>
1.2       avankest  290: 
                    291:   <p><em>This section is non-normative.</em>
                    292: 
1.270     avankest  293:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  294:    implements an interface exposed by a scripting engine that allows scripts
                    295:    to perform HTTP client functionality, such as submitting form data or
                    296:    loading data from a server. It is the ECMAScript HTTP API.
1.2       avankest  297: 
1.270     avankest  298:   <p>The name of the object is <a
                    299:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> for compatibility
                    300:    with the Web, though each component of this name is potentially
                    301:    misleading. First, the object supports any text based format, including
                    302:    XML. Second, it can be used to make requests over both HTTP and HTTPS
                    303:    (some implementations support protocols in addition to HTTP and HTTPS, but
                    304:    that functionality is not covered by this specification). Finally, it
                    305:    supports "requests" in a broad sense of the term as it pertains to HTTP;
                    306:    namely all activity involved with HTTP requests or responses for the
                    307:    defined HTTP methods.
1.2       avankest  308: 
1.25      avankest  309:   <div class=example>
1.18      avankest  310:    <p>Some simple code to do something with data from an XML document fetched
                    311:     over the network:</p>
                    312: 
1.60      avankest  313:    <pre><code>function test(data) {
1.18      avankest  314:  // taking care of data
                    315: }
                    316: 
                    317: function handler() {
1.118     avankest  318:  if(this.readyState == 4 &amp;&amp; this.status == 200) {
1.18      avankest  319:   // so far so good
1.118     avankest  320:   if(this.responseXML != null &amp;&amp; this.responseXML.getElementById('test').firstChild.data)
                    321:      // success!
1.18      avankest  322:    test(this.responseXML.getElementById('test').firstChild.data);
                    323:   else
                    324:    test(null);
1.118     avankest  325:  } else if (this.readyState == 4 &amp;&amp; this.status != 200) {
1.18      avankest  326:   // fetched the wrong page or network error...
                    327:   test(null);
                    328:  }
                    329: }
                    330: 
                    331: var client = new XMLHttpRequest();
                    332: client.onreadystatechange = handler;
1.252     avankest  333: client.open("GET", "unicorn.xml");
1.60      avankest  334: client.send();</code></pre>
1.18      avankest  335: 
1.58      avankest  336:    <p>If you just want to log a message to the server:</p>
1.18      avankest  337: 
1.60      avankest  338:    <pre><code>function log(message) {
1.18      avankest  339:  var client = new XMLHttpRequest();
1.58      avankest  340:  client.open("POST", "/log");
1.59      avankest  341:  client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
1.18      avankest  342:  client.send(message);
1.60      avankest  343: }</code></pre>
1.18      avankest  344: 
                    345:    <p>Or if you want to check the status of a document on the server:</p>
                    346: 
1.60      avankest  347:    <pre><code>function fetchStatus(address) {
1.18      avankest  348:  var client = new XMLHttpRequest();
                    349:  client.onreadystatechange = function() {
                    350:   // in case of network errors this might not give reliable results
                    351:   if(this.readyState == 4)
                    352:    returnStatus(this.status);
                    353:  }
                    354:  client.open("HEAD", address);
                    355:  client.send();
1.60      avankest  356: }</code></pre>
1.18      avankest  357:   </div>
1.2       avankest  358: 
1.250     avankest  359:   <h2 id=conformance><span class=secno>2. </span>Conformance Criteria</h2>
1.2       avankest  360: 
1.29      avankest  361:   <p>Everything in this specification is normative except for diagrams,
1.2       avankest  362:    examples, notes and sections marked non-normative.
                    363: 
1.25      avankest  364:   <p>The key words <em class=ct>must</em>, <em class=ct>must not</em>, <em
1.261     avankest  365:    class=ct>should</em>, <em class=ct>should not</em>, and <em
                    366:    class=ct>may</em> in this document are to be interpreted as described in
                    367:    RFC 2119. [<cite><a href="#ref-rfc2119">RFC2119</a></cite>]
1.2       avankest  368: 
                    369:   <p>This specification defines the following classes of products:
                    370: 
                    371:   <dl>
1.75      avankest  372:    <dt><dfn id=conforming-user-agent>Conforming user agent</dfn>
1.2       avankest  373: 
1.75      avankest  374:    <dd>
                    375:     <p>A user agent <em class=ct>must</em> behave as described in this
1.107     avankest  376:      specification in order to be considered conformant.</p>
1.75      avankest  377: 
1.226     avankest  378:     <p>If the user agent is not a <a
1.250     avankest  379:      href="#conforming-xml-user-agent">conforming XML user agent</a> the
                    380:      <span>XML response entity body</span> <em class=ct>must</em> (always) be
                    381:      null.</p>
1.141     avankest  382: 
                    383:     <p>User agents <em class=ct>may</em> implement algorithms given in this
                    384:      specification in any way desired, so long as the end result is
                    385:      indistinguishable from the result that would be obtained by the
                    386:      specification's algorithms.</p>
1.2       avankest  387: 
1.96      avankest  388:     <p class=note>This specification uses both the terms "conforming user
                    389:      agent(s)" and "user agent(s)" to refer to this product class.</p>
                    390: 
1.95      avankest  391:    <dt><dfn id=conforming-xml-user-agent>Conforming XML user agent</dfn>
                    392: 
                    393:    <dd>
1.164     avankest  394:     <p>An XML user agent <em class=ct>must</em> be a <a
                    395:      href="#conforming-user-agent">conforming user agent</a> and <em
                    396:      class=ct>must</em> be a conforming XML processor that reports violations
                    397:      of namespace well-formedness. [<cite><a href="#ref-xml">XML</a></cite>]
1.2       avankest  398:   </dl>
                    399: 
1.248     avankest  400:   <h3 id=dependencies><span class=secno>2.1. </span>Dependencies</h3>
1.2       avankest  401: 
1.31      avankest  402:   <p>This specification relies on several underlying specifications.
1.2       avankest  403: 
1.31      avankest  404:   <dl>
                    405:    <dt>DOM
1.2       avankest  406: 
1.31      avankest  407:    <dd>
1.127     avankest  408:     <p>A <a href="#conforming-user-agent" title="conforming user
1.177     avankest  409:      agent">conforming user agent</a> <em class=ct>must</em> support at least
                    410:      the subset of the functionality defined in DOM Events and DOM Core that
1.183     avankest  411:      this specification relies upon, such as various exceptions and
                    412:      <code>EventTarget</code>. [<cite><a
1.156     avankest  413:      href="#ref-dom2events">DOM2Events</a></cite>] [<cite><a
                    414:      href="#ref-dom3core">DOM3Core</a></cite>]
1.2       avankest  415: 
1.252     avankest  416:    <dt>HTML5
1.162     avankest  417: 
                    418:    <dd>
1.183     avankest  419:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
1.190     avankest  420:      class=ct>must</em> support at least the subset of the functionality
1.252     avankest  421:      defined in HTML5 that this specification relies upon, such as the basics
                    422:      of the <code>Window</code> object and serializing a
1.198     avankest  423:      <code>Document</code> object. [<cite><a
                    424:      href="#ref-html5">HTML5</a></cite>]</p>
1.190     avankest  425: 
1.162     avankest  426:     <p class=note>The <a
                    427:      href="http://www.w3.org/TR/2006/WD-Window-20060407/">Window Object
                    428:      1.0</a> draft is not referenced normatively as it appears to be no
1.252     avankest  429:      longer maintained and HTML5 defines the <code>Window</code> object in
                    430:      more detail. This specification already depends on HTML5 for other
                    431:      reasons so there is not much additional overhead because of this.</p>
1.162     avankest  432: 
1.31      avankest  433:    <dt>HTTP
1.11      avankest  434: 
1.31      avankest  435:    <dd>
1.250     avankest  436:     <p>A <a href="#conforming-user-agent" title="conforming user
                    437:      agent">conforming user agent</a> <em class=ct>must</em> support some
                    438:      version of the HTTP protocol. Requirements regarding HTTP are made
                    439:      throughout the specification. [<cite><a
                    440:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.182     avankest  441: 
                    442:    <dt>Web IDL
                    443: 
1.250     avankest  444:    <dd>
                    445:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    446:      class=ct>must</em> also be a conforming implementation of the IDL
                    447:      fragments in this specification, as described in the Web IDL
                    448:      specification. [<cite><a href="#ref-webidl">WebIDL</a></cite>]
1.31      avankest  449:   </dl>
1.2       avankest  450: 
1.248     avankest  451:   <h3 id=terminology><span class=secno>2.2. </span>Terminology</h3>
1.211     avankest  452: 
1.286     avankest  453:   <p><dfn id=dfn-obtain-unicode>Convert a DOMString to a sequence of Unicode
1.235     avankest  454:    characters</dfn> is defined by the Web IDL specification. [<cite><a
                    455:    href="#ref-webidl">WebIDL</a></cite>]
                    456: 
1.259     avankest  457:   <p>The terms and algorithms <dfn
                    458:    id=url-fragment><code>&lt;fragment></code></dfn>, <dfn
                    459:    id=url-scheme><code>&lt;scheme></code></dfn>, <dfn
1.268     avankest  460:    id=cookie-free-document-object>cookie-free <code>Document</code>
                    461:    object</dfn>, <dfn id=document-base-url>document base URL</dfn>, <dfn
1.259     avankest  462:    id=document-character-encoding>document's character encoding</dfn>, <dfn
                    463:    id=event-handler-attributes-0>event handler attributes</dfn>, <dfn
                    464:    id=event-handler-event-type>event handler event type</dfn>, <dfn
1.262     avankest  465:    id=fetch>fetch</dfn>, <dfn id=fully-active>fully active</dfn>, <dfn
1.227     avankest  466:    id=function><code>Function</code></dfn>, <dfn id=dom-innerhtml
                    467:    title=dom-innerHTML><code>innerHTML</code></dfn>, <dfn
1.234     avankest  468:    id=origin>origin</dfn>, <dfn id=preferred-mime-name>preferred MIME
                    469:    name</dfn>, <dfn id=resolve-a-url>resolve a URL</dfn>, <dfn
1.227     avankest  470:    id=same-origin>same origin</dfn>, <dfn id=storage-mutex>storage
                    471:    mutex</dfn>, <dfn id=task>task</dfn>, <dfn id=task-source>task
1.254     avankest  472:    source</dfn>, <dfn id=task-queues>task queues</dfn>, <dfn
                    473:    id=url>URL</dfn>, <dfn id=url-character-encoding>URL character
                    474:    encoding</dfn>, <dfn id=queue-a-task>queue a task</dfn>, and <dfn
                    475:    id=valid-mime-type>valid MIME type</dfn> are defined by the HTML5
1.252     avankest  476:    specification. [<cite><a href="#ref-html5">HTML5</a></cite>]
1.205     avankest  477: 
                    478:   <p>The term <dfn id=entity-body>entity body</dfn> is used as described in
                    479:    RFC 2616. <dfn id=method-token>Method token</dfn> is used as described in
                    480:    section 5.1.1 of RFC 2616. <dfn
                    481:    id=field-name><code>field-name</code></dfn> and <dfn
                    482:    id=field-value><code>field-value</code></dfn> are used as described in
1.250     avankest  483:    section 4.2 of RFC 2616. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest  484: 
1.260     avankest  485:   <p>To <dfn id=deflate-a-domstring-into-a-byte-sequence>deflate a DOMString
                    486:    into a byte sequence</dfn> means to create a sequence of bytes such that
                    487:    the <var title="">n</var>th byte of the sequence is equal to the low-order
                    488:    byte of the <var title="">n</var>th code point in the original DOMString.
                    489: 
                    490:   <p>To <dfn id=inflate-a-byte-sequence-into-a-domstring>inflate a byte
                    491:    sequence into a DOMString</dfn> means to create a DOMString such that the
                    492:    <var title="">n</var>th code point has 0x00 as the high-order byte and the
                    493:    <var title="">n</var>th byte of the byte sequence as the low-order byte.
1.258     avankest  494: 
1.205     avankest  495:   <p><dfn id=userinfo><code>userinfo</code></dfn> is used as described in
                    496:    section 3.2.1 of RFC 3986. [<cite><a
                    497:    href="#ref-rfc3986">RFC3986</a></cite>]
                    498: 
                    499:   <p>To <dfn id=dispatch-readystatechange-event>dispatch a
                    500:    <code>readystatechange</code> event</dfn> means that an event with the
1.278     avankest  501:    name <code title=event-xhr-readystatechange>readystatechange</code>, which
                    502:    does not bubble and is not cancelable, and which uses the
                    503:    <code>Event</code> interface, is to be dispatched at the <a
1.270     avankest  504:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.156     avankest  505: 
1.248     avankest  506:   <h3 id=extensibility><span class=secno>2.3. </span>Extensibility</h3>
1.2       avankest  507: 
1.252     avankest  508:   <p>User agents, Working Groups, and other interested parties are
                    509:    <em>strongly encouraged</em> to discuss extensions on a relevant public
                    510:    forum, preferably <a
                    511:    href="mailto:public-webapps@w3.org">public-webapps@w3.org</a>. If this is
                    512:    for some reason not possible prefix the extension in some way and start
                    513:    the prefix with an uppercase letter. E.g. if company Foo wants to add a
                    514:    private method <code>bar()</code> it could be named <code>FooBar()</code>
                    515:    to prevent clashes with a potential future standardized
                    516:    <code>bar()</code>.
1.2       avankest  517: 
1.250     avankest  518:   <h2 id=the-xmlhttprequest-interface><span class=secno>3. </span>The <code
1.225     avankest  519:    title="">XMLHttpRequest</code> Interface</h2>
1.2       avankest  520: 
1.270     avankest  521:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.225     avankest  522:    be used by scripts to programmatically connect to their originating server
                    523:    via HTTP.
1.2       avankest  524: 
1.230     avankest  525:   <pre class=idl>[NoInterfaceObject]
                    526: interface <dfn id=xmlhttprequesteventtarget>XMLHttpRequestEventTarget</dfn> : EventTarget {
                    527:   // for future use
                    528: };
                    529: 
1.242     avankest  530: [<a href="#dom-xmlhttprequest" title=dom-XMLHttpRequest>Constructor</a>]
1.230     avankest  531: interface <dfn id=xmlhttprequest>XMLHttpRequest</dfn> : <a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a> {
1.208     avankest  532:   // <a href="#event-handler-attributes">event handler attributes</a>
1.278     avankest  533:            attribute <a href="#function">Function</a> <a href="#handler-xhr-onreadystatechange" title=handler-xhr-onreadystatechange>onreadystatechange</a>;
1.60      avankest  534: 
1.208     avankest  535:   // <a href="#states">states</a>
1.277     avankest  536:   const unsigned short <a href="#dom-xmlhttprequest-unsent" title=dom-XMLHttpRequest-UNSENT>UNSENT</a> = 0;
                    537:   const unsigned short <a href="#dom-xmlhttprequest-opened" title=dom-XMLHttpRequest-OPENED>OPENED</a> = 1;
                    538:   const unsigned short <a href="#dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a> = 2;
                    539:   const unsigned short <a href="#dom-xmlhttprequest-loading" title=dom-XMLHttpRequest-LOADING>LOADING</a> = 3;
                    540:   const unsigned short <a href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a> = 4;
1.282     avankest  541:   readonly attribute unsigned short <a href="#dom-xmlhttprequest-readystate" title=dom-XMLHttpRequest-readyState>readyState</a>;
1.60      avankest  542: 
1.207     avankest  543:   // <a href="#request">request</a>
1.279     avankest  544:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>);
                    545:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>);
                    546:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>);
                    547:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>, DOMString? <var>password</var>);
1.284     avankest  548:   void <a href="#dom-xmlhttprequest-setrequestheader" title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader</a>(DOMString <var>header</var>, DOMString <var>value</var>);
1.276     avankest  549:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>();
                    550:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>(Document <var>data</var>);
                    551:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>([AllowAny] DOMString? <var>data</var>);
1.280     avankest  552:   void <a href="#dom-xmlhttprequest-abort" title=dom-XMLHttpRequest-abort>abort</a>();
1.60      avankest  553: 
1.207     avankest  554:   // <a href="#response">response</a>
1.281     avankest  555:   readonly attribute unsigned short <a href="#dom-xmlhttprequest-status" title=dom-XMLHttpRequest-status>status</a>;
                    556:   readonly attribute DOMString <a href="#dom-xmlhttprequest-statustext" title=dom-XMLHttpRequest-statusText>statusText</a>;
1.283     avankest  557:   DOMString <a href="#dom-xmlhttprequest-getresponseheader" title=dom-XMLHttpRequest-getResponseHeader>getResponseHeader</a>(DOMString <var>header</var>);
1.298     avankest  558:   DOMString <a href="#dom-xmlhttprequest-getallresponseheaders" title=dom-XMLHttpRequest-getAllResponseHeaders>getAllResponseHeaders</a>();
1.281     avankest  559:   readonly attribute DOMString <a href="#dom-xmlhttprequest-responsetext" title=dom-XMLHttpRequest-responseText>responseText</a>;
                    560:   readonly attribute Document <a href="#dom-xmlhttprequest-responsexml" title=dom-XMLHttpRequest-responseXML>responseXML</a>;
1.230     avankest  561: };</pre>
1.2       avankest  562: 
1.250     avankest  563:   <h3 id=origin-and-base-url><span class=secno>3.1. </span>Origin and Base
1.248     avankest  564:    URL</h3>
1.205     avankest  565: 
1.270     avankest  566:   <p>Each <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  567:    has an associated <dfn
1.205     avankest  568:    id=xmlhttprequest-origin><code>XMLHttpRequest</code> origin</dfn> and an
                    569:    <dfn id=xmlhttprequest-base-url><code>XMLHttpRequest</code> base
                    570:    URL</dfn>.
                    571: 
                    572:   <p>This specification defines their values when the global object is
1.270     avankest  573:    represented by the <code>Window</code> object. When the <a
                    574:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object is used in
                    575:    other contexts their values will have to be defined as appropriate for
                    576:    that context. That is considered to be out of scope for this
                    577:    specification.
1.205     avankest  578: 
                    579:   <p>In environments where the global object is represented by the
1.270     avankest  580:    <code>Window</code> object the <a
                    581:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object has an
                    582:    associated <dfn id=xmlhttprequest-document><code>XMLHttpRequest</code>
1.205     avankest  583:    <code>Document</code></dfn> which is the <code>Document</code> object
1.270     avankest  584:    associated with the <code>Window</code> object for which the <a
                    585:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> interface object
                    586:    was created.
1.205     avankest  587: 
                    588:   <p class=note>The <a
                    589:    href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    590:    <code>Document</code></a> is used to determine the <a
                    591:    href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                    592:    <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
1.245     avankest  593:    URL</a> at a later stage.
1.205     avankest  594: 
1.250     avankest  595:   <h3 id=task-sources><span class=secno>3.2. </span>Task Sources</h3>
1.205     avankest  596: 
1.253     avankest  597:   <p>The <a href="#task-source">task source</a> used by this specification is
                    598:    the <dfn id=xmlhttprequest-task-source><code>XMLHttpRequest</code> task
                    599:    source</dfn>.
1.205     avankest  600: 
1.250     avankest  601:   <h3 id=constructors><span class=secno>3.3. </span>Constructors</h3>
1.205     avankest  602: 
1.275     avankest  603:   <dl class=domintro>
                    604:    <dt><var title="">client</var> = new <a href="#dom-xmlhttprequest"><code
                    605:     title=dom-XMLHttpRequest>XMLHttpRequest</code></a>()
                    606: 
                    607:    <dd>Returns a new <a
                    608:     href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
                    609:   </dl>
                    610: 
1.271     avankest  611:   <p>When the <dfn id=dom-xmlhttprequest
                    612:    title=dom-XMLHttpRequest><code>XMLHttpRequest()</code></dfn> constructor
                    613:    is invoked, the user agent <em class=ct>must</em> return a new <a
1.270     avankest  614:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.205     avankest  615: 
1.250     avankest  616:   <h3 id=event-handler-attributes><span class=secno>3.4. </span>Event Handler
1.207     avankest  617:    Attributes</h3>
                    618: 
                    619:   <p>The following is the <a href="#event-handler-attributes-0" title="event
                    620:    handler attributes">event handler attribute</a> (and its corresponding <a
                    621:    href="#event-handler-event-type">event handler event type</a>) that <em
1.270     avankest  622:    class=ct>must</em> be supported as DOM attribute by the <a
                    623:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object:
1.207     avankest  624: 
                    625:   <table>
                    626:    <thead>
                    627:     <tr>
                    628:      <th><a href="#event-handler-attributes-0" title="event handler
                    629:       attributes">event handler attribute</a>
                    630: 
                    631:      <th><a href="#event-handler-event-type">event handler event type</a>
                    632: 
                    633:    <tbody>
                    634:     <tr>
1.278     avankest  635:      <td><dfn id=handler-xhr-onreadystatechange
                    636:       title=handler-xhr-onreadystatechange><code>onreadystatechange</code></dfn>
                    637:       
1.207     avankest  638: 
1.278     avankest  639:      <td><code title=event-xhr-readystatechange>readystatechange</code>
1.207     avankest  640:   </table>
                    641: 
1.250     avankest  642:   <h3 id=states><span class=secno>3.5. </span>States</h3>
1.205     avankest  643: 
1.282     avankest  644:   <dl class=domintro>
                    645:    <dt><var title="">client</var> . <a
                    646:     href="#dom-xmlhttprequest-readystate"><code
                    647:     title=dom-XMLHttpRequest-readyState>readyState</code></a>
                    648: 
                    649:    <dd>
                    650:     <p>Returns the current state.
                    651:   </dl>
                    652: 
1.270     avankest  653:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.282     avankest  654:    be in several states. The <dfn id=dom-xmlhttprequest-readystate
                    655:    title=dom-XMLHttpRequest-readyState><code>readyState</code></dfn>
                    656:    attribute <em class=ct>must</em> return the current state, which <em
                    657:    class=ct>must</em> be one of the following values:
1.205     avankest  658: 
                    659:   <dl>
1.277     avankest  660:    <dt><dfn id=dom-xmlhttprequest-unsent
                    661:     title=dom-XMLHttpRequest-UNSENT><code>UNSENT</code></dfn> (numeric value
                    662:     0)
1.125     avankest  663: 
1.205     avankest  664:    <dd>
                    665:     <p>The object has been constructed.
                    666: 
1.277     avankest  667:    <dt><dfn id=dom-xmlhttprequest-opened
                    668:     title=dom-XMLHttpRequest-OPENED><code>OPENED</code></dfn> (numeric value
                    669:     1)
1.205     avankest  670: 
                    671:    <dd>
1.279     avankest  672:     <p>The <a href="#dom-xmlhttprequest-open"><code
                    673:      title=dom-XMLHttpRequest-open>open()</code></a> method has been
                    674:      successfully invoked. During this state request headers can be set using
1.284     avankest  675:      <a href="#dom-xmlhttprequest-setrequestheader"><code
                    676:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest  677:      and the request can be made using the <a
1.276     avankest  678:      href="#dom-xmlhttprequest-send"><code
                    679:      title=dom-XMLHttpRequest-send>send()</code></a> method.
1.89      avankest  680: 
1.277     avankest  681:    <dt><dfn id="dom-xmlhttprequest-headers_received"
                    682:     title="dom-XMLHttpRequest-HEADERS_RECEIVED"><code>HEADERS_RECEIVED</code></dfn>
                    683:     (numeric value 2)
1.89      avankest  684: 
1.205     avankest  685:    <dd>
1.259     avankest  686:     <p>All redirects (if any) have been followed and all HTTP headers of the
                    687:      final response have been received. Several response members of the
1.205     avankest  688:      object are now available.
1.91      avankest  689: 
1.277     avankest  690:    <dt><dfn id=dom-xmlhttprequest-loading
                    691:     title=dom-XMLHttpRequest-LOADING><code>LOADING</code></dfn> (numeric
                    692:     value 3)
1.112     avankest  693: 
1.205     avankest  694:    <dd>
                    695:     <p>The <a href="#response-entity-body">response entity body</a> is being
                    696:      received.
1.91      avankest  697: 
1.277     avankest  698:    <dt><dfn id=dom-xmlhttprequest-done
                    699:     title=dom-XMLHttpRequest-DONE><code>DONE</code></dfn> (numeric value 4)
1.119     avankest  700: 
1.205     avankest  701:    <dd>
                    702:     <p>The data transfer has been completed or something went wrong during
                    703:      the transfer (e.g. infinite redirects).
                    704:   </dl>
1.116     avankest  705: 
1.277     avankest  706:   <p>The <a href="#dom-xmlhttprequest-opened"
                    707:    title=dom-XMLHttpRequest-OPENED>OPENED</a> state has an associated <dfn
                    708:    id=send-flag><code>send()</code> flag</dfn> that indicates whether the <a
                    709:    href="#dom-xmlhttprequest-send"><code
1.276     avankest  710:    title=dom-XMLHttpRequest-send>send()</code></a> method has been invoked.
                    711:    It can be either true or false and has an initial value of false.
1.205     avankest  712: 
1.277     avankest  713:   <p>The <a href="#dom-xmlhttprequest-done"
                    714:    title=dom-XMLHttpRequest-DONE>DONE</a> state has an associated <dfn
                    715:    id=error-flag>error flag</dfn> that indicates some type of network error
                    716:    or abortion. It can be either true or false and has an initial value of
                    717:    false.
1.205     avankest  718: 
1.250     avankest  719:   <h3 id=request><span class=secno>3.6. </span>Request</h3>
1.112     avankest  720: 
1.270     avankest  721:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  722:    holds the following request metadata variables:
1.112     avankest  723: 
1.206     avankest  724:   <dl>
                    725:    <dt>The <dfn id=asynchronous-flag>asynchronous flag</dfn>
                    726: 
1.271     avankest  727:    <dd>True when <a href="#fetch" title=fetch>fetching</a> is done
                    728:     asychronously. False when fetching is done synchronously.
1.206     avankest  729: 
                    730:    <dt>The <dfn id=request-method>request method</dfn>
                    731: 
                    732:    <dd>The method used in the request.
                    733: 
                    734:    <dt>The <dfn id=request-url>request URL</dfn>
                    735: 
                    736:    <dd>The <a href="#url">URL</a> used in the request.
                    737: 
                    738:    <dt>The <dfn id=request-username>request username</dfn>
                    739: 
                    740:    <dd>The username used in the request or null if there is no username.
                    741: 
                    742:    <dt>The <dfn id=request-password>request password</dfn>
                    743: 
                    744:    <dd>The password used in the request or null if there is no password.
1.112     avankest  745: 
1.206     avankest  746:    <dt>The <dfn id=author-request-headers>author request headers</dfn>
1.112     avankest  747: 
1.206     avankest  748:    <dd>A list consisting of HTTP header name/value pairs to be used in the
                    749:     request.
1.112     avankest  750: 
1.206     avankest  751:    <dt>The <dfn id=request-entity-body>request entity body</dfn>
1.112     avankest  752: 
1.206     avankest  753:    <dd>The <a href="#entity-body">entity body</a> used in the request.
                    754:   </dl>
1.205     avankest  755: 
1.250     avankest  756:   <h4 id=the-open-method><span class=secno>3.6.1. </span>The <code
1.205     avankest  757:    title="">open()</code> method</h4>
                    758: 
1.274     avankest  759:   <dl class=domintro>
1.275     avankest  760:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-open"><code
1.279     avankest  761:     title=dom-XMLHttpRequest-open>open(<var title="">method</var>, <var
                    762:     title="">url</var>, <var title="">async</var>, <var title="">user</var>,
                    763:     <var title="">password</var>)</code></a>
1.274     avankest  764: 
                    765:    <dd>
                    766:     <p>Sets the <a href="#request-method">request method</a>, <a
                    767:      href="#request-url">request URL</a>, <a
                    768:      href="#asynchronous-flag">asynchronous flag</a>, <a
                    769:      href="#request-username">request username</a>, and <a
1.285     avankest  770:      href="#request-password">request password</a>.</p>
                    771: 
                    772:     <p>Throws a <code>SYNTAX_ERR</code> exception if one of the following is
                    773:      true:</p>
                    774: 
                    775:     <ul>
                    776:      <li><var title="">method</var> is not a valid HTTP method.
                    777: 
                    778:      <li><var title="">url</var> cannot be resolved.
                    779: 
                    780:      <li><var title="">url</var> contains the <code>"user:password"</code>
                    781:       format in the <a href="#userinfo"><code>userinfo</code></a> production.
                    782:     </ul>
                    783: 
                    784:     <p>Throws a <a href="#security-err"><code>SECURITY_ERR</code></a>
                    785:      exception if <var title="">method</var> is a case-insensitive match for
                    786:      <code>CONNECT</code>, <code>TRACE</code> or <code>TRACK</code>.</p>
                    787: 
                    788:     <p>Throws a <a href="#security-err"><code>SECURITY_ERR</code></a>
                    789:      exception if the <a href="#origin">origin</a> of <var title="">url</var>
                    790:      does not match the <a
                    791:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>.</p>
                    792: 
1.286     avankest  793:     <p>Throws a <code>NOT_SUPPORTED_ERR</code> exception if the <a
                    794:      href="#url-scheme"><code>&lt;scheme></code></a> of <var
                    795:      title="">url</var> is not supported.</p>
1.274     avankest  796:   </dl>
                    797: 
1.275     avankest  798:   <p>When the <dfn id=dom-xmlhttprequest-open
1.279     avankest  799:    title=dom-XMLHttpRequest-open><code>open(<var title="">method</var>, <var
                    800:    title="">url</var>, <var title="">async</var>, <var title="">user</var>,
                    801:    <var title="">password</var>)</code></dfn> method is invoked, the user
                    802:    agent <em class=ct>must</em> run these steps (unless otherwise indicated):
1.112     avankest  803: 
1.205     avankest  804:   <ol>
                    805:    <li>
1.270     avankest  806:     <p>If the <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a>
1.225     avankest  807:      object has an associated <a
1.205     avankest  808:      href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    809:      <code>Document</code></a> run these substeps:</p>
1.112     avankest  810: 
1.205     avankest  811:     <ol>
                    812:      <li>
                    813:       <p>If the <a
                    814:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    815:        <code>Document</code></a> is not <a href="#fully-active">fully
                    816:        active</a> raise an <code>INVALID_STATE_ERR</code> exception and
                    817:        terminate the overall set of steps.
                    818: 
                    819:      <li>
                    820:       <p>Let <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code>
                    821:        base URL</a> be the <a href="#document-base-url">document base URL</a>
                    822:        of the <a href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    823:        <code>Document</code></a>.
                    824: 
                    825:      <li>
                    826:       <p>Let <a href="#xmlhttprequest-origin"><code>XMLHttpRequest</code>
                    827:        origin</a> be the <a href="#origin">origin</a> of the <a
                    828:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    829:        <code>Document</code></a>.
                    830:     </ol>
1.112     avankest  831: 
                    832:    <li>
1.258     avankest  833:     <p>If any code point in <var>method</var> is higher than U+00FF LATIN
1.299   ! avankest  834:      SMALL LETTER Y WITH DIAERESIS or after <a
        !           835:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !           836:      DOMString into a byte sequence">deflating</a> <var>method</var> it does
        !           837:      not match the <a href="#method-token">Method token</a> production raise
        !           838:      a <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
        !           839:      let <var>method</var> be the result of <a
        !           840:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !           841:      DOMString into a byte sequence">deflating</a> <var>method</var>.
1.258     avankest  842:    </li>
                    843:    <!-- This sounds lame, but it works. -->
1.91      avankest  844: 
                    845:    <li>
1.258     avankest  846:     <p>If <var>method</var> is a case-insensitive match for
                    847:      <code>CONNECT</code>, <code>DELETE</code>, <code>GET</code>,
                    848:      <code>HEAD</code>, <code>OPTIONS</code>, <code>POST</code>,
                    849:      <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code> subtract
                    850:      0x20 from each byte in the range 0x61 (ASCII a) to 0x7A (ASCII z).</p>
1.205     avankest  851: 
                    852:     <p class=note>If it does not match any of the above, it is passed through
                    853:      <em>literally</em>, including in the final request.</p>
                    854:    </li>
                    855:    <!-- WebKit (and supposedly Gecko) also uppercase: COPY, INDEX, LOCK,
                    856:    M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
1.89      avankest  857: 
1.205     avankest  858:    <li>
1.258     avankest  859:     <p>If <var>method</var> is a case-sensitive match for
1.261     avankest  860:      <code>CONNECT</code>, <code>TRACE</code>, or <code>TRACK</code> raise a
1.270     avankest  861:      <a href="#security-err"><code>SECURITY_ERR</code></a> exception and
1.261     avankest  862:      terminate these steps.</p>
1.164     avankest  863: 
1.205     avankest  864:     <p class=note>Allowing these methods poses a security risk. [<cite><a
                    865:      href="#ref-httpverbsec">HTTPVERBSEC</a></cite>]</p>
1.89      avankest  866: 
1.91      avankest  867:    <li>
1.205     avankest  868:     <p>Let <var title="">url</var> be a <a href="#url">URL</a>.
1.89      avankest  869: 
                    870:    <li>
1.205     avankest  871:     <p>Let <a href="#url-character-encoding">URL character encoding</a> of
                    872:      <var title="">url</var> be UTF-8.
1.89      avankest  873: 
                    874:    <li>
1.257     avankest  875:     <p><a href="#resolve-a-url" title="Resolve a URL">Resolve</a> <var
                    876:      title="">url</var> relative to the <a
1.205     avankest  877:      href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
                    878:      URL</a>. If the algorithm returns an error raise a
                    879:      <code>SYNTAX_ERR</code> exception and terminate these steps.
                    880:    </li>
                    881:    <!-- Presto and Gecko override the encoding. WebKit does not. Trident
                    882:    does not support non-ASCII URLs. This matters for the <query> component,
                    883:    see HTML5. -->
1.129     avankest  884: 
1.205     avankest  885:    <li>
1.270     avankest  886:     <p>Drop <a href="#url-fragment"><code>&lt;fragment></code></a> from <var
1.205     avankest  887:      title="">url</var>.
1.89      avankest  888: 
                    889:    <li>
1.270     avankest  890:     <p>If <var title="">url</var> contains an unsupported <a
                    891:      href="#url-scheme"><code>&lt;scheme></code></a> raise a
1.205     avankest  892:      <code>NOT_SUPPORTED_ERR</code> and terminate these steps.
1.89      avankest  893: 
1.205     avankest  894:    <li>
1.270     avankest  895:     <p>If the <code>"user:password"</code> format in the <a
                    896:      href="#userinfo"><code>userinfo</code></a> production is not supported
                    897:      for the relevant scheme and <var title="">url</var> contains this format
                    898:      raise a <code>SYNTAX_ERR</code> and terminate these steps.
1.2       avankest  899: 
1.205     avankest  900:    <li>
                    901:     <p>If <var title="">url</var> contains the <code>"user:password"</code>
                    902:      format let <var>temp user</var> be the user part and <var>temp
                    903:      password</var> be the password part.
1.2       avankest  904: 
1.205     avankest  905:    <li>
                    906:     <p>If <var title="">url</var> just contains the <code>"user"</code>
                    907:      format let <var>temp user</var> be the user part.
1.2       avankest  908: 
1.205     avankest  909:    <li>
                    910:     <p>If the <a href="#origin">origin</a> of <var title="">url</var> is not
                    911:      <a href="#same-origin">same origin</a> with the <a
1.261     avankest  912:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>
1.270     avankest  913:      raise a <a href="#security-err"><code>SECURITY_ERR</code></a> exception
1.261     avankest  914:      and terminate these steps.
1.2       avankest  915: 
1.205     avankest  916:    <li>
                    917:     <p>Let <var>async</var> be the value of the <var>async</var> argument or
1.271     avankest  918:      true if it was omitted.
1.2       avankest  919: 
1.205     avankest  920:    <li>
                    921:     <p>If the <var>user</var> argument was not omitted follow these sub
                    922:      steps:</p>
1.2       avankest  923: 
1.60      avankest  924:     <ol>
                    925:      <li>
1.241     avankest  926:       <p>If <var>user</var> is null let <var>temp user</var> be null.
1.2       avankest  927: 
1.60      avankest  928:      <li>
1.205     avankest  929:       <p>Otherwise let <var>temp user</var> be <var>user</var>.
                    930:     </ol>
1.184     avankest  931: 
1.205     avankest  932:     <p class=note>These steps override anything that may have been set by the
                    933:      <var title="">url</var> argument.</p>
1.157     avankest  934: 
1.205     avankest  935:    <li>
                    936:     <p>If the <var>password</var> argument was not omitted follow these sub
                    937:      steps:</p>
1.2       avankest  938: 
1.205     avankest  939:     <ol>
1.60      avankest  940:      <li>
1.241     avankest  941:       <p>If <var>password</var> is null let <var>temp password</var> be null.
1.2       avankest  942: 
1.60      avankest  943:      <li>
1.205     avankest  944:       <p>Otherwise let <var>temp password</var> be <var>password</var>.
                    945:     </ol>
1.102     avankest  946: 
1.205     avankest  947:     <p class=note>These steps override anything that may have been set by the
                    948:      <var title="">url</var> argument.</p>
1.2       avankest  949: 
1.205     avankest  950:    <li>
                    951:     <p><a href="#abort-send-algorithm" title="abort send()">Abort the
                    952:      <code>send()</code> algorithm</a>.
1.2       avankest  953: 
1.205     avankest  954:    <li>
                    955:     <p>The user agent <em class=ct>should</em> cancel any network activity
                    956:      for which the object is responsible.
                    957:    </li>
                    958:    <!-- we can hardly require it... -->
1.24      avankest  959: 
1.205     avankest  960:    <li>
1.254     avankest  961:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                    962:      object's <a
                    963:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                    964:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                    965:      remove those tasks.
                    966: 
                    967:    <li>
1.205     avankest  968:     <p>Set variables associated with the object as follows:</p>
1.70      avankest  969: 
1.205     avankest  970:     <ul>
1.60      avankest  971:      <li>
1.205     avankest  972:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.60      avankest  973: 
                    974:      <li>
1.205     avankest  975:       <p>Set <a href="#response-entity-body">response entity body</a> to
                    976:        null.
1.60      avankest  977: 
                    978:      <li>
1.205     avankest  979:       <p>Empty the list of <a href="#author-request-headers">author request
                    980:        headers</a>.</p>
1.17      avankest  981: 
1.60      avankest  982:      <li>
1.205     avankest  983:       <p>Set the <a href="#request-method">request method</a> to
                    984:        <var>method</var>.
1.17      avankest  985: 
1.60      avankest  986:      <li>
1.205     avankest  987:       <p>Set the <a href="#request-url">request URL</a> to <var
                    988:        title="">url</var>.
1.17      avankest  989: 
1.60      avankest  990:      <li>
1.205     avankest  991:       <p>Set the <a href="#request-username">request username</a> to
                    992:        <var>temp user</var>.
1.17      avankest  993: 
1.60      avankest  994:      <li>
1.205     avankest  995:       <p>Set the <a href="#request-password">request password</a> to
                    996:        <var>temp password</var>.
1.17      avankest  997: 
1.60      avankest  998:      <li>
1.271     avankest  999:       <p>Set the <a href="#asynchronous-flag">asynchronous flag</a> to the
                   1000:        value of <var>async</var>.
1.205     avankest 1001:     </ul>
1.44      avankest 1002: 
1.205     avankest 1003:    <li>
1.277     avankest 1004:     <p>Switch the the state to <a href="#dom-xmlhttprequest-opened"
                   1005:      title=dom-XMLHttpRequest-OPENED>OPENED</a>.
1.176     avankest 1006: 
1.205     avankest 1007:    <li>
                   1008:     <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1009:      <code>readystatechange</code> event</a>.
                   1010:   </ol>
1.22      avankest 1011: 
1.250     avankest 1012:   <h4 id=the-setrequestheader-method><span class=secno>3.6.2. </span>The
1.248     avankest 1013:    <code title="">setRequestHeader()</code> method</h4>
1.275     avankest 1014: 
                   1015:   <dl class=domintro>
1.284     avankest 1016:    <dt><var title="">client</var> . <a
                   1017:     href="#dom-xmlhttprequest-setrequestheader"><code
                   1018:     title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader(<var
                   1019:     title="">header</var>, <var title="">value</var>)</code></a>
1.275     avankest 1020: 
                   1021:    <dd>
                   1022:     <p>Appends an header to the list of <a
                   1023:      href="#author-request-headers">author request headers</a> or if the
                   1024:      header is already in the <a href="#author-request-headers">author
                   1025:      request headers</a> its value appended to.</p>
1.285     avankest 1026: 
                   1027:     <p>Throws an <code>INVALID_STATE_ERR</code> exception if the state is not
                   1028:      <a href="#dom-xmlhttprequest-opened"
                   1029:      title=dom-XMLHttpRequest-OPENED>OPENED</a> or if the <a
                   1030:      href="#send-flag"><code>send()</code> flag</a> is true.</p>
                   1031: 
                   1032:     <p>Throws a <code>SYNTAX_ERR</code> exception if <var
                   1033:      title="">header</var> is not a valid HTTP header field name or if <var
                   1034:      title="">value</var> is not a valid HTTP header field value.</p>
1.275     avankest 1035:   </dl>
1.205     avankest 1036: 
1.284     avankest 1037:   <p class=note>As indicated in the algorithm below certain headers cannot be
                   1038:    set and are left up to the user agent. In addition there are certain other
                   1039:    headers the user agent will take control of if they are not set by the
                   1040:    author as indicated at the end of the <a
                   1041:    href="#dom-xmlhttprequest-send"><code
1.276     avankest 1042:    title=dom-XMLHttpRequest-send>send()</code></a> method section.
1.205     avankest 1043: 
1.275     avankest 1044:   <p>When the <dfn id=dom-xmlhttprequest-setrequestheader
1.284     avankest 1045:    title=dom-XMLHttpRequest-setRequestHeader><code>setRequestHeader(<var
                   1046:    title="">header</var>, <var title="">value</var>)</code></dfn> method is
                   1047:    invoked, the user agent <em class=ct>must</em> run these steps:
1.6       avankest 1048: 
1.205     avankest 1049:   <ol>
                   1050:    <li>
1.277     avankest 1051:     <p>If the state is not <a href="#dom-xmlhttprequest-opened"
                   1052:      title=dom-XMLHttpRequest-OPENED>OPENED</a> raise an
                   1053:      <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.47      avankest 1054: 
1.205     avankest 1055:    <li>
                   1056:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1057:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1058: 
1.205     avankest 1059:    <li>
1.258     avankest 1060:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
1.299   ! avankest 1061:      SMALL LETTER Y WITH DIAERESIS or after <a
        !          1062:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !          1063:      DOMString into a byte sequence">deflating</a> <var>header</var> it does
        !          1064:      not match the <a href="#field-name">field-name</a> production raise a
1.258     avankest 1065:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.299   ! avankest 1066:      let <var>header</var> be the result of <a
        !          1067:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !          1068:      DOMString into a byte sequence">deflating</a> <var>header</var>.
1.258     avankest 1069:    </li>
                   1070:    <!-- This sounds lame, but it works. -->
1.6       avankest 1071: 
1.205     avankest 1072:    <li>
1.258     avankest 1073:     <p>If any code point in <var>value</var> is higher than U+00FF LATIN
1.299   ! avankest 1074:      SMALL LETTER Y WITH DIAERESIS or after <a
        !          1075:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !          1076:      DOMString into a byte sequence">deflating</a> <var>value</var> it does
        !          1077:      not match the <a href="#field-value">field-value</a> production raise a
1.258     avankest 1078:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.299   ! avankest 1079:      let <var>value</var> be the result of <a
        !          1080:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !          1081:      DOMString into a byte sequence">deflating</a> <var>value</var>.</p>
1.258     avankest 1082:     <!-- This sounds lame, but it works. -->
1.205     avankest 1083:     <p class=note>The empty string is legal and represents the empty header
                   1084:      value.</p>
1.71      avankest 1085: 
1.205     avankest 1086:    <li>
1.261     avankest 1087:     <p>Terminate these steps if <var>header</var> is a case-insensitive match
                   1088:      for one of the following headers:</p>
1.179     avankest 1089: 
1.205     avankest 1090:     <ul>
                   1091:      <li><code>Accept-Charset</code>
1.60      avankest 1092: 
1.205     avankest 1093:      <li><code>Accept-Encoding</code>
1.34      avankest 1094: 
1.205     avankest 1095:      <li><code>Connection</code>
1.34      avankest 1096: 
1.205     avankest 1097:      <li><code>Content-Length</code>
1.177     avankest 1098: 
1.205     avankest 1099:      <li><code>Cookie</code>
1.69      avankest 1100: 
1.205     avankest 1101:      <li><code>Cookie2</code>
1.34      avankest 1102: 
1.205     avankest 1103:      <li><code>Content-Transfer-Encoding</code>
1.177     avankest 1104: 
1.205     avankest 1105:      <li><code>Date</code>
1.177     avankest 1106: 
1.205     avankest 1107:      <li><code>Expect</code>
1.69      avankest 1108: 
1.205     avankest 1109:      <li><code>Host</code>
1.69      avankest 1110: 
1.205     avankest 1111:      <li><code>Keep-Alive</code>
1.34      avankest 1112: 
1.205     avankest 1113:      <li><code>Referer</code>
1.34      avankest 1114: 
1.205     avankest 1115:      <li><code>TE</code>
1.34      avankest 1116: 
1.205     avankest 1117:      <li><code>Trailer</code>
1.34      avankest 1118: 
1.205     avankest 1119:      <li><code>Transfer-Encoding</code>
1.34      avankest 1120: 
1.205     avankest 1121:      <li><code>Upgrade</code>
1.34      avankest 1122: 
1.205     avankest 1123:      <li><code>User-Agent</code>
1.34      avankest 1124: 
1.205     avankest 1125:      <li><code>Via</code>
                   1126:     </ul>
1.69      avankest 1127: 
1.258     avankest 1128:     <p>&hellip; or if the start of <var>header</var> is a case-insensitive
                   1129:      match for <code>Proxy-</code> or <code>Sec-</code> (including when
1.205     avankest 1130:      <var>header</var> is just <code>Proxy-</code> or <code>Sec-</code>).</p>
                   1131: 
1.285     avankest 1132:     <p class=note>The above headers are controlled by the user agent to let
                   1133:      it control those aspects of transport. This guarantees data integrity to
                   1134:      some extent. Header names starting with <code>Sec-</code> are not
                   1135:      allowed to be set to allow new headers to be minted that are guaranteed
                   1136:      not to come from <a
                   1137:      href="#xmlhttprequest"><code>XMLHttpRequest</code></a>.</p>
1.185     avankest 1138: 
1.205     avankest 1139:    <li>
                   1140:     <p>If <var>header</var> is not in the <a
                   1141:      href="#author-request-headers">author request headers</a> list append
                   1142:      <var>header</var> with its associated <var>value</var> to the list and
                   1143:      terminate these steps.
1.6       avankest 1144: 
1.205     avankest 1145:    <li>
                   1146:     <p>If <var>header</var> is in the <a
                   1147:      href="#author-request-headers">author request headers</a> list either
                   1148:      use multiple headers, combine the values or use a combination of those
                   1149:      (section 4.2, RFC 2616). [<cite><a
1.250     avankest 1150:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest 1151:    </li>
                   1152:    <!-- XXX it seems UAs always combine the values -->
                   1153:   </ol>
1.18      avankest 1154: 
1.276     avankest 1155:   <p class=note>See also the <a href="#dom-xmlhttprequest-send"><code
                   1156:    title=dom-XMLHttpRequest-send>send()</code></a> method regarding user
                   1157:    agent header handling for caching, authentication, proxies, and cookies.
1.47      avankest 1158: 
1.205     avankest 1159:   <div class=example>
                   1160:    <pre><code>// The following script:
1.18      avankest 1161: var client = new XMLHttpRequest();
                   1162: client.open('GET', 'demo.cgi');
                   1163: client.setRequestHeader('X-Test', 'one');
                   1164: client.setRequestHeader('X-Test', 'two');
                   1165: client.send();
                   1166: 
                   1167: // ...would result in the following header being sent:
                   1168: ...
                   1169: X-Test: one, two
1.60      avankest 1170: ...</code></pre>
1.205     avankest 1171:   </div>
1.6       avankest 1172: 
1.250     avankest 1173:   <h4 id=the-send-method><span class=secno>3.6.3. </span>The <code
1.205     avankest 1174:    title="">send()</code> method</h4>
1.276     avankest 1175: 
                   1176:   <dl class=domintro>
                   1177:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-send"><code
                   1178:     title=dom-XMLHttpRequest-send>send(<var title="">data</var>)</code></a>
                   1179: 
                   1180:    <dd>
                   1181:     <p>Initiates the request. The optional argument provides the <a
1.285     avankest 1182:      href="#request-entity-body">request entity body</a>. The argument is
                   1183:      ignored if <a href="#request-method">request method</a> is
                   1184:      <code>GET</code> or <code>HEAD</code>.</p>
                   1185: 
                   1186:     <p>Throws an <code>INVALID_STATE_ERR</code> exception if the state is not
                   1187:      <a href="#dom-xmlhttprequest-opened"
                   1188:      title=dom-XMLHttpRequest-OPENED>OPENED</a> or if the <a
                   1189:      href="#send-flag"><code>send()</code> flag</a> is true.</p>
1.276     avankest 1190:   </dl>
1.205     avankest 1191: 
1.275     avankest 1192:   <p>When the <dfn id=dom-xmlhttprequest-send
1.276     avankest 1193:    title=dom-XMLHttpRequest-send><code>send(<var>data</var>)</code></dfn>
                   1194:    method is invoked, the user agent <em class=ct>must</em> run the following
                   1195:    steps (unless otherwise noted). This algorithm gets aborted when the <a
1.279     avankest 1196:    href="#dom-xmlhttprequest-open"><code
                   1197:    title=dom-XMLHttpRequest-open>open()</code></a> or <a
1.280     avankest 1198:    href="#dom-xmlhttprequest-abort"><code
                   1199:    title=dom-XMLHttpRequest-abort>abort()</code></a> method is invoked. When
                   1200:    the <dfn id=abort-send-algorithm title="abort send()"><code>send()</code>
                   1201:    algorithm is aborted</dfn> the user agent <em class=ct>must</em> terminate
                   1202:    the algorithm after finishing the step it is on.
1.205     avankest 1203: 
                   1204:   <p class=note>The <code title="">send()</code> algorithm can only be
                   1205:    aborted when the <a href="#asynchronous-flag">asynchronous flag</a> is
                   1206:    true and only after the method call has returned.
1.60      avankest 1207: 
1.205     avankest 1208:   <ol>
                   1209:    <li>
1.277     avankest 1210:     <p>If the state is not <a href="#dom-xmlhttprequest-opened"
                   1211:      title=dom-XMLHttpRequest-OPENED>OPENED</a> raise an
                   1212:      <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1213: 
1.205     avankest 1214:    <li>
                   1215:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1216:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1217: 
1.205     avankest 1218:    <li>
1.285     avankest 1219:     <p>If the <a href="#request-method">request method</a> is a
                   1220:      case-sensitive match for <code>GET</code> or <code>HEAD</code> act as if
                   1221:      <var title="">data</var> is null.</p>
1.203     avankest 1222: 
1.241     avankest 1223:     <p>If the <var>data</var> argument has been omitted or is null, do not
                   1224:      include a <a href="#request-entity-body">request entity body</a> and go
                   1225:      to the next step.</p>
1.234     avankest 1226: 
1.250     avankest 1227:     <p>Otherwise, let <var>encoding</var> be null, <var>mime type</var> be
                   1228:      null, and then follow these rules:</p>
1.205     avankest 1229: 
                   1230:     <dl class=switch>
1.250     avankest 1231:      <dt>If <var>data</var> is a <code>Document</code>
1.205     avankest 1232: 
                   1233:      <dd>
1.234     avankest 1234:       <p>Let <var>encoding</var> be the <a
                   1235:        href="#preferred-mime-name">preferred MIME name</a> of the <a
1.246     avankest 1236:        href="#document-character-encoding" title="document's character
1.234     avankest 1237:        encoding">character encoding</a> of <var>data</var>. If
                   1238:        <var>encoding</var> is UTF-16 change it to UTF-8.</p>
                   1239: 
1.250     avankest 1240:       <p>Let <var>mime type</var> be "<code>application/xml;charset=</code>"
                   1241:        followed by <var>encoding</var>.</p>
1.234     avankest 1242: 
                   1243:       <p>Let the <a href="#request-entity-body">request entity body</a> be
1.270     avankest 1244:        the result of getting the <a href="#dom-innerhtml"><code
                   1245:        title=dom-innerHTML>innerHTML</code></a> attribute on <var>data</var>
                   1246:        <a href="#dfn-obtain-unicode" title="convert a DOMString to a sequence
                   1247:        of Unicode characters">converted to Unicode</a> and encoded as
                   1248:        <var>encoding</var>. Re-raise any exception this raises.</p>
1.210     avankest 1249: 
1.235     avankest 1250:       <p class=note>In particular, if the document cannot be serialized an
1.219     avankest 1251:        <code>INVALID_STATE_ERR</code> exception is raised.</p>
                   1252: 
1.205     avankest 1253:       <p class=note>Subsequent changes to the <code>Document</code> have no
                   1254:        effect on what is submitted.</p>
1.239     avankest 1255: 
1.250     avankest 1256:      <dt>If <var>data</var> is a <code>DOMString</code>
1.239     avankest 1257: 
                   1258:      <dd>
1.250     avankest 1259:       <p>Let <var>encoding</var> be UTF-8.</p>
                   1260: 
                   1261:       <p>Let <var>mime type</var> be "<code>text/plain;charset=UTF-8</code>".</p>
                   1262: 
1.239     avankest 1263:       <p>Let the <a href="#request-entity-body">request entity body</a> be
                   1264:        <var>data</var> <a href="#dfn-obtain-unicode" title="convert a
                   1265:        DOMString to a sequence of Unicode characters">converted to
1.250     avankest 1266:        Unicode</a> and encoded as UTF-8.</p>
1.205     avankest 1267:     </dl>
1.103     avankest 1268: 
1.270     avankest 1269:     <p>If a <code>Content-Type</code> header is set using <a
1.284     avankest 1270:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1271:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest 1272:      whose value is a <a href="#valid-mime-type">valid MIME type</a> and has
                   1273:      a <code>charset</code> parameter whose value is not a case-insensitive
1.284     avankest 1274:      match for <var title="">encoding</var>, and <var title="">encoding</var>
                   1275:      is not null, set all the <code>charset</code> parameters of the
                   1276:      <code>Content-Type</code> header to <var title="">encoding</var>.</p>
1.234     avankest 1277: 
1.270     avankest 1278:     <p>If no <code>Content-Type</code> header has been set using <a
1.284     avankest 1279:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1280:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
                   1281:      and <var title="">mime type</var> is not null set a
                   1282:      <code>Content-Type</code> request header with as value <var
                   1283:      title="">mime type</var>.</p>
1.238     avankest 1284:     <!-- reminder: if we ever change this to always include charset it has
                   1285:     to be included as the first parameter for compatibility reasons -->
                   1286:     
1.167     avankest 1287: 
1.205     avankest 1288:    <li>
                   1289:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1290:      release the <a href="#storage-mutex">storage mutex</a>.
1.60      avankest 1291: 
1.205     avankest 1292:    <li>
                   1293:     <p>Set the <a href="#error-flag">error flag</a> to false.
1.164     avankest 1294: 
1.205     avankest 1295:    <li>
1.213     avankest 1296:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is true run
                   1297:      these substeps:</p>
                   1298: 
                   1299:     <ol>
                   1300:      <li>
1.219     avankest 1301:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to true.
                   1302: 
                   1303:      <li>
1.213     avankest 1304:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1305:        <code>readystatechange</code> event</a>.</p>
                   1306: 
                   1307:       <p class=note>The state does not change. The event is dispatched for
                   1308:        historical reasons.</p>
                   1309: 
                   1310:      <li>
1.276     avankest 1311:       <p>Return the <a href="#dom-xmlhttprequest-send"><code
                   1312:        title=dom-XMLHttpRequest-send>send()</code></a> method call, but
                   1313:        continue running the steps in this algorithm.
1.213     avankest 1314:     </ol>
                   1315: 
                   1316:    <li>
1.263     avankest 1317:     <p><a href="#fetch">Fetch</a> the <a href="#request-url">request URL</a>
                   1318:      from <i title="">origin</i> <a
1.262     avankest 1319:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>,
                   1320:      with the <i title="">synchronous flag</i> set if the <a
                   1321:      href="#asynchronous-flag">asynchronous flag</a> is false, using HTTP
1.213     avankest 1322:      method <a href="#request-method">request method</a>, user <a
                   1323:      href="#request-username">request username</a> (if non-null) and password
                   1324:      <a href="#request-password">request password</a> (if non-null), taking
                   1325:      into account the <a href="#request-entity-body">request entity body</a>,
                   1326:      list of <a href="#author-request-headers">author request headers</a> and
                   1327:      the rules listed at the end of this section.</p>
                   1328: 
1.226     avankest 1329:     <dl class=switch>
1.205     avankest 1330:      <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.195     avankest 1331: 
1.205     avankest 1332:      <dd>
1.213     avankest 1333:       <p>While making the request also follow the <a
1.221     avankest 1334:        href="#same-origin-request-event-rules">same-origin request event
                   1335:        rules</a>.</p>
1.213     avankest 1336:       <!--
1.250     avankest 1337:          This cannot involve any task queue whatsoever because that would
                   1338:          mean other tasks on the task queue might get processed as well
                   1339:          which is counter to the whole idea of doing things synchronous.
                   1340:         -->
1.213     avankest 1341:       
1.276     avankest 1342:       <p class=note>The <a href="#dom-xmlhttprequest-send"><code
                   1343:        title=dom-XMLHttpRequest-send>send()</code></a> method call will now
                   1344:        be returned by virtue of this algorithm ending.</p>
1.205     avankest 1345: 
                   1346:      <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1347: 
                   1348:      <dd>
1.250     avankest 1349:       <p><span>Make progress notifications</span>.</p>
                   1350: 
                   1351:       <p><span>Make upload progress notifications</span>.</p>
                   1352: 
1.213     avankest 1353:       <p>While processing the request, as data becomes available and when the
1.250     avankest 1354:        user interferes with the request, <a href="#queue-a-task" title="queue
1.257     avankest 1355:        a task">queue tasks</a> to update the <a
                   1356:        href="#response-entity-body">response entity body</a> and follow the
                   1357:        <a href="#same-origin-request-event-rules">same-origin request event
1.256     avankest 1358:        rules</a>.</p>
1.205     avankest 1359:     </dl>
                   1360:   </ol>
1.124     avankest 1361: 
1.205     avankest 1362:   <hr>
                   1363: 
1.229     avankest 1364:   <p>If the user agent allows the end user to configure a proxy it <em
1.250     avankest 1365:    class=ct>should</em> modify the request appropriately; i.e., connect to
                   1366:    the proxy host instead of the origin server, modify the
1.214     avankest 1367:    <code>Request-Line</code> and send <code>Proxy-Authorization</code>
                   1368:    headers as specified.
                   1369: 
1.264     avankest 1370:   <hr>
                   1371: 
                   1372:   <p>If the user agent supports HTTP Authentication and <code
                   1373:    title=http-authorization>Authorization</code> is not in the list of <a
1.220     avankest 1374:    href="#author-request-headers">author request headers</a>, it <em
1.270     avankest 1375:    class=ct>should</em> consider requests originating from the <a
                   1376:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object to be part
                   1377:    of the protection space that includes the accessed URIs and send <code
1.264     avankest 1378:    title=http-authorization>Authorization</code> headers and handle <code>401
                   1379:    Unauthorized</code> requests appropriately.
                   1380: 
                   1381:   <p>If authentication fails, <code
                   1382:    title=http-authorization>Authorization</code> is not in the list of <a
                   1383:    href="#author-request-headers">author request headers</a>, <a
                   1384:    href="#request-username">request username</a> is null, and <a
                   1385:    href="#request-password">request password</a> is null, user agents <em
                   1386:    class=ct>should</em> prompt the end user for their username and password.
                   1387: 
                   1388:   <p>If authentication fails, <code
                   1389:    title=http-authorization>Authorization</code> is not in the list of <a
                   1390:    href="#author-request-headers">author request headers</a>, <a
                   1391:    href="#request-username">request username</a> is non-null, and <a
                   1392:    href="#request-password">request password</a> is non-null, user agents <em
                   1393:    class=ct>must not</em> prompt the end user for their username and
                   1394:    password. [<cite><a href="#ref-rfc2617">RFC2617</a></cite>]
1.214     avankest 1395: 
1.271     avankest 1396:   <p class=note>End users are not prompted if username/password are provided
1.279     avankest 1397:    through the <a href="#dom-xmlhttprequest-open"><code
                   1398:    title=dom-XMLHttpRequest-open>open()</code></a> API so that authors can
                   1399:    implement their own user interface.
1.214     avankest 1400: 
1.264     avankest 1401:   <hr>
                   1402: 
1.214     avankest 1403:   <p>If the user agent supports HTTP State Management it <em
                   1404:    class=ct>should</em> persist, discard and send cookies (as received in the
                   1405:    <code>Set-Cookie</code> and <code>Set-Cookie2</code> response headers, and
                   1406:    sent in the <code>Cookie</code> header) as applicable. [<cite><a
1.232     avankest 1407:    href="#ref-cookies">COOKIES</a></cite>]
1.214     avankest 1408: 
1.264     avankest 1409:   <hr>
                   1410: 
1.214     avankest 1411:   <p>If the user agent implements a HTTP cache it <em class=ct>should</em>
1.270     avankest 1412:    respect <code>Cache-Control</code> request headers set by the <a
1.284     avankest 1413:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1414:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest 1415:    (e.g., <code>Cache-Control: no-cache</code> bypasses the cache). It <em
1.214     avankest 1416:    class=ct>must not</em> send <code>Cache-Control</code> or
1.229     avankest 1417:    <code>Pragma</code> request headers automatically unless the end user
1.284     avankest 1418:    explicitly requests such behavior (e.g. by reloading the page).
1.214     avankest 1419: 
                   1420:   <p>For <code>304 Not Modified</code> responses that are a result of a user
                   1421:    agent generated conditional request the user agent <em class=ct>must</em>
                   1422:    act as if the server gave a <code>200 OK</code> response with the
1.270     avankest 1423:    appropriate content. The user agent <em class=ct>must</em> allow <a
1.284     avankest 1424:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1425:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a> to
                   1426:    override automatic cache validation by setting request headers (e.g.
1.250     avankest 1427:    <code>If-None-Match</code> or <code>If-Modified-Since</code>), in which
                   1428:    case <code>304 Not Modified</code> responses <em class=ct>must</em> be
                   1429:    passed through. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1430: 
1.264     avankest 1431:   <hr>
                   1432: 
1.214     avankest 1433:   <p>If the user agent implements server-driven content-negotiation it <em
                   1434:    class=ct>should</em> set <code>Accept-Encoding</code> and
1.233     avankest 1435:    <code>Accept-Charset</code> headers as appropriate. For
                   1436:    <code>Accept</code> and <code>Accept-Language</code> the user agent <em
                   1437:    class=ct>must</em> follow these constraints:
                   1438: 
                   1439:   <ul>
                   1440:    <li>
                   1441:     <p>Both headers <em class=ct>must not</em> be modified if they are
1.284     avankest 1442:      already set through <a href="#dom-xmlhttprequest-setrequestheader"><code
                   1443:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>.
1.233     avankest 1444: 
                   1445:    <li>
1.270     avankest 1446:     <p>If not set through <a
1.284     avankest 1447:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1448:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.257     avankest 1449:      <code>Accept-Language</code> <em class=ct>should</em> be set as
1.233     avankest 1450:      appropriate.
                   1451: 
                   1452:    <li>
1.270     avankest 1453:     <p>If not set through <a
1.284     avankest 1454:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1455:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.233     avankest 1456:      <code>Accept</code> <em class=ct>must</em> be set with as value
                   1457:      <code>*/*</code>.
                   1458:   </ul>
                   1459: 
                   1460:   <p>Responses <em class=ct>must</em> have the content-encodings
1.250     avankest 1461:    automatically decoded. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1462: 
1.264     avankest 1463:   <hr>
                   1464: 
1.214     avankest 1465:   <p>Besides the <a href="#author-request-headers">author request headers</a>
                   1466:    user agents <em class=ct>should not</em> include additional request
                   1467:    headers other than those mentioned above or other than those authors are
1.270     avankest 1468:    not allowed to set using <a
1.284     avankest 1469:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1470:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>.
1.275     avankest 1471:    This ensures that authors have a reasonably predictable API.
1.214     avankest 1472: 
1.250     avankest 1473:   <h4 id=infrastructure-for-the-send-method><span class=secno>3.6.4.
1.214     avankest 1474:    </span>Infrastructure for the <code title="">send()</code> method</h4>
                   1475: 
1.221     avankest 1476:   <p>The <dfn id=same-origin-request-event-rules>same-origin request event
                   1477:    rules</dfn> are as follows:
1.205     avankest 1478: 
                   1479:   <dl class=switch>
1.290     avankest 1480:    <dt>If the response has an HTTP status code of 301, 302, 303, or 307
1.205     avankest 1481: 
                   1482:    <dd>
1.259     avankest 1483:     <p>If the <a href="#origin">origin</a> of the <a href="#url">URL</a>
                   1484:      conveyed by the <code title=http-location>Location</code> header is <a
                   1485:      href="#same-origin">same origin</a> with the <a
                   1486:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                   1487:      the redirect does not violate infinite loop precautions, transparently
                   1488:      follow the redirect while observing the <a
1.221     avankest 1489:      href="#same-origin-request-event-rules">same-origin request event
                   1490:      rules</a>.</p>
1.205     avankest 1491: 
1.250     avankest 1492:     <p>Otherwise, this is a <a href="#network-error">network error</a>.</p>
                   1493: 
1.205     avankest 1494:     <p class=note>HTTP places requirements on the user agent regarding the
1.206     avankest 1495:      preservation of the <a href="#request-method">request method</a> and <a
                   1496:      href="#request-entity-body">request entity body</a> during redirects,
1.229     avankest 1497:      and also requires end users to be notified of certain kinds of automatic
1.205     avankest 1498:      redirections.</p>
                   1499:     <!-- XXX HTTP needs fixing here -->
                   1500: 
1.290     avankest 1501:    <dt>If the end user cancels the request
1.205     avankest 1502: 
1.215     avankest 1503:    <dd>
                   1504:     <p>This is an <a href="#abort-error">abort error</a>.
1.119     avankest 1505: 
1.290     avankest 1506:    <dt>If there is a network error
1.216     avankest 1507: 
1.215     avankest 1508:    <dd>
                   1509:     <p>In case of DNS errors, TLS negotiation failure, or other type of
                   1510:      network errors, this is a <a href="#network-error">network error</a>. Do
1.229     avankest 1511:      not request any kind of end user interaction.</p>
1.205     avankest 1512: 
1.215     avankest 1513:     <p class=note>This does not include HTTP responses that indicate some
                   1514:      type of error, such as HTTP status code 410.</p>
1.119     avankest 1515: 
1.215     avankest 1516:    <dt>Once all HTTP headers have been received and the <a
1.259     avankest 1517:     href="#asynchronous-flag">asynchronous flag</a> is true (and this is not
                   1518:     an HTTP redirect)
1.60      avankest 1519: 
1.215     avankest 1520:    <dd>
1.289     avankest 1521:     <p><a href="#switch-headers-received">Switch to the HEADERS_RECEIVED
                   1522:      state</a>.
1.60      avankest 1523: 
1.222     avankest 1524:    <dt>Once the first byte (or more) of the <a
                   1525:     href="#response-entity-body">response entity body</a> has been received
                   1526:     and the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1527: 
                   1528:    <dt>If there is no <a href="#response-entity-body">response entity
                   1529:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.215     avankest 1530:     true
1.19      avankest 1531: 
1.222     avankest 1532:    <dd>
1.289     avankest 1533:     <p><a href="#switch-loading">Switch to the LOADING state</a>.
1.222     avankest 1534: 
                   1535:    <dt>Once the whole <a href="#response-entity-body">response entity
                   1536:     body</a> has been received
                   1537: 
                   1538:    <dt>If there is no <a href="#response-entity-body">response entity
1.226     avankest 1539:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.277     avankest 1540:     false or the state is <a href="#dom-xmlhttprequest-loading"
                   1541:     title=dom-XMLHttpRequest-LOADING>LOADING</a>
1.185     avankest 1542: 
1.215     avankest 1543:    <dd>
1.289     avankest 1544:     <p><a href="#switch-done">Switch to the DONE state</a>.
1.215     avankest 1545:   </dl>
1.6       avankest 1546: 
1.215     avankest 1547:   <hr>
1.6       avankest 1548: 
1.215     avankest 1549:   <p>When something is said to be a <dfn id=network-error>network error</dfn>
1.270     avankest 1550:    run the <a href="#request-error">request error</a> steps for exception <a
                   1551:    href="#network-err"><code>NETWORK_ERR</code></a>.
1.62      avankest 1552: 
1.243     avankest 1553:   <p>When something is said to be an <dfn id=abort-error>abort error</dfn>
1.270     avankest 1554:    run the <a href="#request-error">request error</a> steps for exception <a
                   1555:    href="#abort-err"><code>ABORT_ERR</code></a>.
1.84      avankest 1556: 
1.244     avankest 1557:   <p>When something is said to be a <dfn id=request-error>request error</dfn>
                   1558:    for exception <var>exception</var> run these steps:
1.60      avankest 1559: 
1.256     avankest 1560:   <ol>
                   1561:    <li>
                   1562:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1563:      for which the object is responsible.
                   1564: 
                   1565:    <li>
                   1566:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1567:      object's <a
                   1568:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1569:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1570:      remove those tasks.
1.252     avankest 1571: 
1.215     avankest 1572:    <li>
                   1573:     <p>Set the <a href="#response-entity-body">response entity body</a> to
                   1574:      null.
1.205     avankest 1575: 
1.215     avankest 1576:    <li>
1.256     avankest 1577:     <p>Empty the list of <a href="#author-request-headers">author request
                   1578:      headers</a>.
1.205     avankest 1579: 
1.215     avankest 1580:    <li>
1.256     avankest 1581:     <p>Set the the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1582: 
1.215     avankest 1583:    <li>
1.277     avankest 1584:     <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1585:      title=dom-XMLHttpRequest-DONE>DONE</a>.
1.205     avankest 1586: 
1.215     avankest 1587:    <li>
                   1588:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.243     avankest 1589:      raise an <var>exception</var> exception and terminate the overall set of
                   1590:      steps.
1.205     avankest 1591: 
1.215     avankest 1592:    <li>
1.251     avankest 1593:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.250     avankest 1594:      <code>readystatechange</code> event</a>.</p>
                   1595: 
                   1596:     <p class=note>At this point it is clear that the <a
                   1597:      href="#asynchronous-flag">asynchronous flag</a> is true.</p>
1.205     avankest 1598: 
1.215     avankest 1599:    <li>
1.250     avankest 1600:     <p>Terminate the overall algorithm.
1.215     avankest 1601:   </ol>
1.6       avankest 1602: 
1.278     avankest 1603:   <p class=note>A future version of this specification will dispatch an <code
1.280     avankest 1604:    title=event-xhr-error>error</code>/<code>abort</code> event here as well.
                   1605:    (Depending on the type of error.)
1.6       avankest 1606: 
1.215     avankest 1607:   <hr>
1.2       avankest 1608: 
1.215     avankest 1609:   <p>When it is said to <dfn id=switch-headers-received>switch to the
1.289     avankest 1610:    HEADERS_RECEIVED state</dfn> run these steps:
1.60      avankest 1611: 
1.215     avankest 1612:   <ol>
                   1613:    <li>
1.277     avankest 1614:     <p>Switch the state to <a href="#dom-xmlhttprequest-headers_received"
                   1615:      title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a>.
1.125     avankest 1616: 
1.215     avankest 1617:    <li>
1.251     avankest 1618:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1619:      <code>readystatechange</code> event</a>.
                   1620:   </ol>
1.205     avankest 1621: 
1.289     avankest 1622:   <p>When it is said to <dfn id=switch-loading>switch to the LOADING
                   1623:    state</dfn> run these steps:
1.205     avankest 1624: 
1.215     avankest 1625:   <ol>
                   1626:    <li>
1.277     avankest 1627:     <p>Switch the state to <a href="#dom-xmlhttprequest-loading"
                   1628:      title=dom-XMLHttpRequest-LOADING>LOADING</a>.
1.17      avankest 1629: 
1.215     avankest 1630:    <li>
1.251     avankest 1631:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1632:      <code>readystatechange</code> event</a>.
                   1633:   </ol>
1.205     avankest 1634: 
1.289     avankest 1635:   <p>When it is said to <dfn id=switch-done>switch to the DONE state</dfn>
                   1636:    run these steps:
1.218     avankest 1637: 
                   1638:   <ol>
                   1639:    <li>
1.257     avankest 1640:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1641:      update the <a href="#response-entity-body">response entity body</a>.
                   1642: 
                   1643:    <li>
1.277     avankest 1644:     <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1645:      title=dom-XMLHttpRequest-DONE>DONE</a>.
1.218     avankest 1646: 
                   1647:    <li>
1.250     avankest 1648:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.218     avankest 1649:      <code>readystatechange</code> event</a>.
                   1650:   </ol>
                   1651: 
1.250     avankest 1652:   <h4 id=the-abort-method><span class=secno>3.6.5. </span>The <code
1.205     avankest 1653:    title="">abort()</code> method</h4>
                   1654: 
1.280     avankest 1655:   <dl class=domintro>
                   1656:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-abort"><code
                   1657:     title=dom-XMLHttpRequest-abort>abort()</code></a>
                   1658: 
                   1659:    <dd>Cancels any network activity.
                   1660:   </dl>
                   1661: 
                   1662:   <p>When the <dfn id=dom-xmlhttprequest-abort
                   1663:    title=dom-XMLHttpRequest-abort><code>abort()</code></dfn> method is
                   1664:    invoked, the user agent <em class=ct>must</em> run these steps (unless
                   1665:    otherwise noted):
1.205     avankest 1666: 
                   1667:   <ol>
                   1668:    <li>
                   1669:     <p><a href="#abort-send-algorithm" title="abort send()">Abort the
                   1670:      <code>send()</code> algorithm</a>.
1.202     avankest 1671: 
1.205     avankest 1672:    <li>
                   1673:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1674:      for which the object is responsible.
1.254     avankest 1675: 
                   1676:    <li>
                   1677:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1678:      object's <a
                   1679:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1680:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1681:      remove those tasks.
1.205     avankest 1682: 
                   1683:    <li>
                   1684:     <p>Set the <a href="#response-entity-body">response entity body</a> to
                   1685:      null.
                   1686: 
                   1687:    <li>
1.254     avankest 1688:     <p>Empty the list of <a href="#author-request-headers">author request
                   1689:      headers</a>.
1.205     avankest 1690: 
                   1691:    <li>
1.254     avankest 1692:     <p>Set the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1693: 
                   1694:    <li>
1.277     avankest 1695:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1696:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a>, <a
                   1697:      href="#dom-xmlhttprequest-opened"
                   1698:      title=dom-XMLHttpRequest-OPENED>OPENED</a> with the <a
                   1699:      href="#send-flag"><code>send()</code> flag</a> being false, or <a
                   1700:      href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
                   1701:      go to the next step.</p>
1.205     avankest 1702: 
                   1703:     <p>Otherwise run these substeps:</p>
                   1704: 
                   1705:     <ol>
1.202     avankest 1706:      <li>
1.277     avankest 1707:       <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1708:        title=dom-XMLHttpRequest-DONE>DONE</a>.
1.77      avankest 1709: 
                   1710:      <li>
1.205     avankest 1711:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.77      avankest 1712: 
                   1713:      <li>
1.205     avankest 1714:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1715:        <code>readystatechange</code> event</a>.
1.60      avankest 1716:     </ol>
1.17      avankest 1717: 
1.252     avankest 1718:     <p class=note>A future version of this specification will dispatch an
1.278     avankest 1719:      <code title=event-xhr-abort>abort</code> event here.</p>
1.220     avankest 1720: 
1.205     avankest 1721:    <li>
1.277     avankest 1722:     <p>Switch the state to <a href="#dom-xmlhttprequest-unsent"
                   1723:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a>.</p>
1.205     avankest 1724: 
1.278     avankest 1725:     <p class=note>No <code
                   1726:      title=event-xhr-readystatechange>readystatechange</code> event is
                   1727:      dispatched.</p>
1.205     avankest 1728:   </ol>
                   1729: 
1.250     avankest 1730:   <h3 id=response><span class=secno>3.7. </span>Response</h3>
1.205     avankest 1731: 
1.250     avankest 1732:   <h4 id=the-status-attribute><span class=secno>3.7.1. </span>The <code
1.205     avankest 1733:    title="">status</code> attribute</h4>
                   1734: 
1.281     avankest 1735:   <dl class=domintro>
                   1736:    <dt><var title="">client</var> . <a
                   1737:     href="#dom-xmlhttprequest-status"><code
                   1738:     title=dom-XMLHttpRequest-status>status</code></a>
                   1739: 
                   1740:    <dd>
                   1741:     <p>Returns the HTTP status code.
                   1742:   </dl>
                   1743: 
                   1744:   <p>The <dfn id=dom-xmlhttprequest-status
                   1745:    title=dom-XMLHttpRequest-status><code>status</code></dfn> attribute <em
                   1746:    class=ct>must</em> return the result of running these steps:
1.224     avankest 1747: 
                   1748:   <ol>
                   1749:    <li>
1.277     avankest 1750:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1751:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1752:      href="#dom-xmlhttprequest-opened"
                   1753:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return 0 and terminate these
                   1754:      steps.
1.224     avankest 1755: 
                   1756:    <li>
1.241     avankest 1757:     <p>If the <a href="#error-flag">error flag</a> is true return 0 and
                   1758:      terminate these steps.
1.224     avankest 1759: 
                   1760:    <li>
                   1761:     <p>Return the HTTP status code.
                   1762:   </ol>
1.205     avankest 1763: 
1.250     avankest 1764:   <h4 id=the-statustext-attribute><span class=secno>3.7.2. </span>The <code
1.205     avankest 1765:    title="">statusText</code> attribute</h4>
                   1766: 
1.281     avankest 1767:   <dl class=domintro>
                   1768:    <dt><var title="">client</var> . <a
                   1769:     href="#dom-xmlhttprequest-statustext"><code
                   1770:     title=dom-XMLHttpRequest-statusText>statusText</code></a>
                   1771: 
                   1772:    <dd>
                   1773:     <p>Returns the HTTP status text.
                   1774:   </dl>
                   1775: 
                   1776:   <p>The <dfn id=dom-xmlhttprequest-statustext
                   1777:    title=dom-XMLHttpRequest-statusText><code>statusText</code></dfn>
1.275     avankest 1778:    attribute <em class=ct>must</em> return the result of running these steps:
1.224     avankest 1779: 
                   1780:   <ol>
                   1781:    <li>
1.277     avankest 1782:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1783:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1784:      href="#dom-xmlhttprequest-opened"
                   1785:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return the empty string and
                   1786:      terminate these steps.
1.224     avankest 1787: 
                   1788:    <li>
                   1789:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1790:      string and terminate these steps.
                   1791: 
                   1792:    <li>
                   1793:     <p>Return the HTTP status text.
                   1794:   </ol>
1.205     avankest 1795: 
1.250     avankest 1796:   <h4 id=the-getresponseheader-method><span class=secno>3.7.3. </span>The
1.205     avankest 1797:    <code title="">getResponseHeader()</code> method</h4>
                   1798: 
1.283     avankest 1799:   <dl class=domintro>
                   1800:    <dt><var title="">client</var> . <a
                   1801:     href="#dom-xmlhttprequest-getresponseheader"><code
                   1802:     title=dom-XMLHttpRequest-getResponseHeader>getResponseHeader(<var
                   1803:     title="">header</var>)</code></a>
                   1804: 
                   1805:    <dd>
                   1806:     <p>Returns the header field value from the response of which the field
                   1807:      name matches <var title="">header</var>, unless the field name is
                   1808:      <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
                   1809:   </dl>
                   1810: 
1.275     avankest 1811:   <p>When the <dfn id=dom-xmlhttprequest-getresponseheader
1.283     avankest 1812:    title=dom-XMLHttpRequest-getResponseHeader><code>getResponseHeader(<var
                   1813:    title="">header</var>)</code></dfn> is invoked, the user agent <em
                   1814:    class=ct>must</em> run these steps:
1.205     avankest 1815: 
                   1816:   <ol>
                   1817:    <li>
1.277     avankest 1818:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1819:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1820:      href="#dom-xmlhttprequest-opened"
                   1821:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return null and terminate
                   1822:      these steps.
1.205     avankest 1823: 
                   1824:    <li>
1.241     avankest 1825:     <p>If the <a href="#error-flag">error flag</a> is true return null and
                   1826:      terminate these steps.
1.205     avankest 1827: 
                   1828:    <li>
1.258     avankest 1829:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
                   1830:      SMALL LETTER Y WITH DIAERESIS return null and terminate these steps.
                   1831: 
                   1832:    <li>
1.299   ! avankest 1833:     <p>Let <var>header</var> be the result of <a
        !          1834:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
        !          1835:      DOMString into a byte sequence">deflating</a> <var>header</var>.
1.258     avankest 1836:    </li>
                   1837:    <!-- This sounds lame, but it works. -->
1.205     avankest 1838: 
                   1839:    <li>
1.258     avankest 1840:     <p>If <var>header</var> is a case-insensitive match for
                   1841:      <code>Set-Cookie</code> or <code>Set-Cookie2</code> return null and
1.205     avankest 1842:      terminate these steps.
                   1843: 
                   1844:    <li>
1.258     avankest 1845:     <p>If <var>header</var> is a case-insensitive match for multiple HTTP
1.299   ! avankest 1846:      response headers, return the <a
        !          1847:      href="#inflate-a-byte-sequence-into-a-domstring" title="inflate a byte
        !          1848:      sequence into a DOMString">inflated</a> values of these headers as a
        !          1849:      single concatenated string separated from each other by a U+002C COMMA
        !          1850:      U+0020 SPACE character pair and terminate these steps.
1.258     avankest 1851: 
                   1852:    <li>
                   1853:     <p>If <var>header</var> is a case-insensitive match for a single HTTP
1.299   ! avankest 1854:      response header, return the <a
        !          1855:      href="#inflate-a-byte-sequence-into-a-domstring" title="inflate a byte
        !          1856:      sequence into a DOMString">inflated</a> value of that header and
        !          1857:      terminate these steps.
1.205     avankest 1858: 
                   1859:    <li>
1.241     avankest 1860:     <p>Return null.
1.205     avankest 1861:   </ol>
                   1862: 
                   1863:   <div class=example>
1.252     avankest 1864:    <p>For the following script:</p>
                   1865: 
                   1866:    <pre><code>var client = new XMLHttpRequest();
                   1867: client.open("GET", "unicorns-are-teh-awesome.txt", true);
1.6       avankest 1868: client.send();
1.16      avankest 1869: client.onreadystatechange = function() {
1.252     avankest 1870:   if(this.readyState == 2) {
                   1871:     print(client.getResponseHeader("Content-Type"));
                   1872:   }
                   1873: }</code></pre>
                   1874: 
                   1875:    <p>The <code>print()</code> function will get to process something like:</p>
1.1       avankest 1876: 
1.252     avankest 1877:    <pre><code>text/plain; charset=UTF-8</code></pre>
1.205     avankest 1878:   </div>
                   1879: 
1.250     avankest 1880:   <h4 id=the-getallresponseheaders-method><span class=secno>3.7.4. </span>The
1.205     avankest 1881:    <code title="">getAllResponseHeaders()</code> method</h4>
1.2       avankest 1882: 
1.283     avankest 1883:   <dl class=domintro>
1.298     avankest 1884:    <dt><var title="">client</var> . <a
                   1885:     href="#dom-xmlhttprequest-getallresponseheaders"><code
                   1886:     title=dom-XMLHttpRequest-getAllResponseHeaders>getAllResponseHeaders()</code></a>
1.283     avankest 1887: 
                   1888:    <dd>
                   1889:     <p>Returns all headers from the response, with the exception of those
                   1890:      whose field name is <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
                   1891:   </dl>
                   1892: 
1.298     avankest 1893:   <p>When the <dfn id=dom-xmlhttprequest-getallresponseheaders
                   1894:    title=dom-XMLHttpRequest-getAllResponseHeaders><code>getAllResponseHeaders()</code></dfn>
1.275     avankest 1895:    method is invoked, the user agent <em class=ct>must</em> run the following
                   1896:    steps:
1.6       avankest 1897: 
1.205     avankest 1898:   <ol>
                   1899:    <li>
1.277     avankest 1900:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1901:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1902:      href="#dom-xmlhttprequest-opened"
                   1903:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return the empty string and
                   1904:      terminate these steps.
1.205     avankest 1905: 
                   1906:    <li>
                   1907:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1908:      string and terminate these steps.
                   1909: 
                   1910:    <li>
1.258     avankest 1911:     <p>Return all the HTTP headers, excluding headers that are a
                   1912:      case-insensitive match for <code>Set-Cookie</code> or
1.299   ! avankest 1913:      <code>Set-Cookie2</code>, <a
        !          1914:      href="#inflate-a-byte-sequence-into-a-domstring" title="inflate a byte
        !          1915:      sequence into a DOMString">inflated</a>, as a single string, with each
        !          1916:      header line separated by a U+000D CR U+000A LF pair, excluding the
        !          1917:      status line, and with each header name and header value separated by a
        !          1918:      U+003A COLON U+0020 SPACE pair.
1.205     avankest 1919:   </ol>
                   1920: 
                   1921:   <div class=example>
1.252     avankest 1922:    <p>For the following script:</p>
                   1923: 
                   1924:    <pre><code>var client = new XMLHttpRequest();
                   1925: client.open("GET", "narwhals-too.txt", true);
1.205     avankest 1926: client.send();
                   1927: client.onreadystatechange = function() {
                   1928:  if(this.readyState == 2) {
                   1929:   print(this.getAllResponseHeaders());
                   1930:  }
1.252     avankest 1931: }</code></pre>
                   1932: 
                   1933:    <p>The <code>print()</code> function will get to process something like:</p>
1.205     avankest 1934: 
1.252     avankest 1935:    <pre><code>Date: Sun, 24 Oct 2004 04:58:38 GMT
1.205     avankest 1936: Server: Apache/1.3.31 (Unix)
                   1937: Keep-Alive: timeout=15, max=99
                   1938: Connection: Keep-Alive
                   1939: Transfer-Encoding: chunked
                   1940: Content-Type: text/plain; charset=utf-8</code></pre>
                   1941:   </div>
                   1942: 
1.250     avankest 1943:   <h4 id=response-entity-body0><span class=secno>3.7.5. </span>Response
1.248     avankest 1944:    Entity Body</h4>
1.250     avankest 1945: 
                   1946:   <p>The <dfn id=response-mime-type>response MIME type</dfn> is the MIME type
                   1947:    the <code>Content-Type</code> header contains without any parameters or
                   1948:    null if the header could not be parsed properly or was omitted. The <dfn
                   1949:    id=override-mime-type>override MIME type</dfn> is always null. <dfn
                   1950:    id=final-mime-type>Final MIME type</dfn> is the override MIME type unless
                   1951:    that is null in which case it is the response MIME type.
                   1952: 
                   1953:   <p>The <dfn id=response-charset>response charset</dfn> is the value of the
                   1954:    <code>charset</code> parameter of the <code>Content-Type</code> header or
                   1955:    null if there was no <code>charset</code> parameter or if the header could
                   1956:    not be parsed properly or was omitted. The <dfn
                   1957:    id=override-charset>override charset</dfn> is always null. <dfn
                   1958:    id=final-charset>Final charset</dfn> is the override charset unless that
                   1959:    is null in which case it is the response charset.
                   1960: 
                   1961:   <p class=note><a href="#override-mime-type">Override MIME type</a> and <a
                   1962:    href="#override-charset">override charset</a> are introduced here solely
                   1963:    to make editing several levels of XMLHttpRequest simultaneously somewhat
                   1964:    easier. Apologies for any confusion they might cause.
                   1965: 
                   1966:   <hr>
1.205     avankest 1967: 
                   1968:   <p>The <dfn id=response-entity-body>response entity body</dfn> is the
1.257     avankest 1969:    fragment of the <a href="#entity-body">entity body</a> of the response
1.277     avankest 1970:    received so far (<a href="#dom-xmlhttprequest-loading"
                   1971:    title=dom-XMLHttpRequest-LOADING>LOADING</a>) or the complete entity body
                   1972:    of the response (<a href="#dom-xmlhttprequest-done"
                   1973:    title=dom-XMLHttpRequest-DONE>DONE</a>). If the response does not have an
                   1974:    entity body the response entity body is null.
1.257     avankest 1975: 
                   1976:   <p class=note>The <a href="#response-entity-body">response entity body</a>
1.276     avankest 1977:    is updated as part of the <a href="#dom-xmlhttprequest-send"><code
                   1978:    title=dom-XMLHttpRequest-send>send()</code></a> algorithm.
1.205     avankest 1979: 
                   1980:   <hr>
                   1981: 
                   1982:   <p>The <dfn id=text-response-entity-body>text response entity body</dfn> is
                   1983:    a <code>DOMString</code> representing the <a
1.250     avankest 1984:    href="#response-entity-body">response entity body</a>. The text response
                   1985:    entity body is the return value of the following algorithm:
1.205     avankest 1986: 
                   1987:   <ol>
                   1988:    <li>
1.250     avankest 1989:     <p>If the response entity body is null return the empty string and
                   1990:      terminate these steps.</p>
                   1991: 
                   1992:    <li>
                   1993:     <p>Let <var>charset</var> be the <a href="#final-charset">final
                   1994:      charset</a>.
1.205     avankest 1995: 
                   1996:    <li>
1.250     avankest 1997:     <p>Let <var>mime</var> be the <a href="#final-mime-type">final MIME
                   1998:      type</a>.
1.205     avankest 1999: 
                   2000:    <li>
1.250     avankest 2001:     <p>If <var>charset</var> is null and <var>mime</var> is null,
1.205     avankest 2002:      <code>text/xml</code>, <code>application/xml</code> or ends in <code
1.250     avankest 2003:      title="">+xml</code> use the rules set forth in the XML specifications
                   2004:      to determine the character encoding. Let <var>charset</var> be the
                   2005:      determined character encoding.
1.205     avankest 2006: 
                   2007:    <li>
1.250     avankest 2008:     <p>If <var>charset</var> is null and <var>mime</var> is
                   2009:      <code>text/html</code> follow the rules set forth in the HTML
                   2010:      specification to determine the character encoding. Let
1.205     avankest 2011:      <var>charset</var> be the determined character encoding. [<cite><a
                   2012:      href="#ref-html5">HTML5</a></cite>]
                   2013: 
                   2014:    <li>
                   2015:     <p>If <var>charset</var> is null then, for each of the rows in the
                   2016:      following table, starting with the first one and going down, if the
                   2017:      first bytes of <var>bytes</var> match the bytes given in the first
                   2018:      column, then let <var>charset</var> be the encoding given in the cell in
                   2019:      the second column of that row. If there is no match <var>charset</var>
                   2020:      remains null.</p>
                   2021: 
                   2022:     <table>
                   2023:      <thead>
                   2024:       <tr>
                   2025:        <th>Bytes in Hexadecimal
                   2026: 
                   2027:        <th>Description
                   2028: 
1.239     avankest 2029:      <tbody>
1.205     avankest 2030:       <tr>
                   2031:        <td>FE FF
                   2032: 
                   2033:        <td>UTF-16BE BOM
                   2034: 
                   2035:       <tr>
                   2036:        <td>FF FE
                   2037: 
                   2038:        <td>UTF-16LE BOM
                   2039: 
                   2040:       <tr>
                   2041:        <td>EF BB BF
                   2042: 
1.239     avankest 2043:        <td>UTF-8 BOM
1.205     avankest 2044:     </table>
                   2045: 
                   2046:    <li>
                   2047:     <p>If <var>charset</var> is null let <var>charset</var> be UTF-8.
                   2048: 
                   2049:    <li>
                   2050:     <p>Return the result of decoding the response entity body using
                   2051:      <var>charset</var>. Replace bytes or sequences of bytes that are not
1.250     avankest 2052:      valid accordng to the <var>charset</var> with a single U+FFFD
1.205     avankest 2053:      REPLACEMENT CHARACTER character.
                   2054:   </ol>
                   2055: 
                   2056:   <p class=note>Authors are strongly encouraged to encode their resources
                   2057:    using UTF-8.
                   2058: 
                   2059:   <hr>
                   2060: 
1.250     avankest 2061:   <p>The <dfn id=document-response-entity-body>document response entity
                   2062:    body</dfn> is either a <code>Document</code> representing the <a
                   2063:    href="#response-entity-body">response entity body</a> or null. The
                   2064:    document response entity body is the return value of the following
                   2065:    algorithm:
1.89      avankest 2066: 
1.205     avankest 2067:   <ol>
                   2068:    <li>
                   2069:     <p>If the <a href="#response-entity-body">response entity body</a> is
1.241     avankest 2070:      null terminate these steps and return null.
1.6       avankest 2071: 
1.205     avankest 2072:    <li>
1.250     avankest 2073:     <p>If <a href="#final-mime-type">final MIME type</a> is not null,
                   2074:      <code>text/xml</code>, <code>application/xml</code>, and does not end in
                   2075:      <code title="">+xml</code> terminate these steps and return null.
1.12      avankest 2076: 
1.205     avankest 2077:    <li>
1.268     avankest 2078:     <p>Let <var>document</var> be a <a
                   2079:      href="#cookie-free-document-object">cookie-free <code>Document</code>
                   2080:      object</a> that represents the result of parsing the response entity
                   2081:      body into a document tree following the rules from the XML
                   2082:      specifications. If this fails (unsupported character encoding, namespace
                   2083:      well-formedness error et cetera) terminate these steps return null.
                   2084:      [<cite><a href="#ref-xml">XML</a></cite>]</p>
1.6       avankest 2085: 
1.205     avankest 2086:     <p class=note>Scripts in the resulting document tree will not be
                   2087:      executed, resources referenced will not be loaded and no associated XSLT
                   2088:      will be applied.</p>
1.76      avankest 2089: 
1.205     avankest 2090:    <li>
1.250     avankest 2091:     <p>Return <var>document</var>.
1.205     avankest 2092:   </ol>
1.76      avankest 2093: 
1.250     avankest 2094:   <h4 id=the-responsetext-attribute><span class=secno>3.7.6. </span>The <code
1.205     avankest 2095:    title="">responseText</code> attribute</h4>
1.12      avankest 2096: 
1.281     avankest 2097:   <dl class=domintro>
                   2098:    <dt><var title="">client</var> . <a
                   2099:     href="#dom-xmlhttprequest-responsetext"><code
                   2100:     title=dom-XMLHttpRequest-responseText>responseText</code></a>
                   2101: 
                   2102:    <dd>
                   2103:     <p>Returns the <a href="#text-response-entity-body">text response entity
                   2104:      body</a>.
                   2105:   </dl>
                   2106: 
                   2107:   <p>The <dfn id=dom-xmlhttprequest-responsetext
                   2108:    title=dom-XMLHttpRequest-responseText><code>responseText</code></dfn>
1.275     avankest 2109:    attribute <em class=ct>must</em> return the result of running these steps:
1.6       avankest 2110: 
1.205     avankest 2111:   <ol>
                   2112:    <li>
1.277     avankest 2113:     <p>If the state is not <a href="#dom-xmlhttprequest-loading"
                   2114:      title=dom-XMLHttpRequest-LOADING>LOADING</a> or <a
                   2115:      href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
1.205     avankest 2116:      return the empty string and terminate these steps.
1.12      avankest 2117: 
1.205     avankest 2118:    <li>
                   2119:     <p>Return the <a href="#text-response-entity-body">text response entity
                   2120:      body</a>.
                   2121:   </ol>
1.2       avankest 2122: 
1.250     avankest 2123:   <h4 id=the-responsexml-attribute><span class=secno>3.7.7. </span>The <code
1.205     avankest 2124:    title="">responseXML</code> attribute</h4>
1.2       avankest 2125: 
1.281     avankest 2126:   <dl class=domintro>
                   2127:    <dt><var title="">client</var> . <a
                   2128:     href="#dom-xmlhttprequest-responsexml"><code
                   2129:     title=dom-XMLHttpRequest-responseXML>responseXML</code></a>
                   2130: 
                   2131:    <dd>
                   2132:     <p>Returns the <a href="#document-response-entity-body">document response
                   2133:      entity body</a>.
                   2134:   </dl>
                   2135: 
                   2136:   <p>The <dfn id=dom-xmlhttprequest-responsexml
                   2137:    title=dom-XMLHttpRequest-responseXML><code>responseXML</code></dfn>
                   2138:    attribute <em class=ct>must</em> return the result of running these steps:
1.2       avankest 2139: 
1.205     avankest 2140:   <ol>
                   2141:    <li>
1.277     avankest 2142:     <p>If the state is not <a href="#dom-xmlhttprequest-done"
                   2143:      title=dom-XMLHttpRequest-DONE>DONE</a> return null and terminate these
                   2144:      steps.
1.2       avankest 2145: 
1.205     avankest 2146:    <li>
1.250     avankest 2147:     <p>Return the <a href="#document-response-entity-body">document response
                   2148:      entity body</a>.
1.291     avankest 2149:    </li>
                   2150:    <!-- XXX same object -->
1.205     avankest 2151:   </ol>
1.2       avankest 2152: 
1.250     avankest 2153:   <h2 id=exceptions><span class=secno>4. </span>Exceptions</h2>
1.33      avankest 2154: 
1.139     avankest 2155:   <p>Several algorithms in this specification may result in an exception
                   2156:    being thrown. These exceptions are all part of the group
1.186     avankest 2157:    <code>ExceptionCode</code> and use the <code>DOMException</code> object,
1.139     avankest 2158:    which is defined in DOM Level 3 Core. In addition this specification
                   2159:    extends the <code>ExceptionCode</code> group with several new constants as
1.146     avankest 2160:    indicated below. [<cite><a href="#ref-dom3core">DOM3Core</a></cite>]
1.139     avankest 2161: 
1.194     avankest 2162:   <p class=note>Thus, exceptions used by this specification and not defined
                   2163:    in this section are defined by DOM Level 3 Core.
                   2164: 
1.34      avankest 2165:   <pre
1.139     avankest 2166:    class=idl>const unsigned short <a href="#security-err">SECURITY_ERR</a> = 18;
1.200     avankest 2167: const unsigned short <a href="#network-err">NETWORK_ERR</a> = 19;
                   2168: const unsigned short <a href="#abort-err">ABORT_ERR</a> = 20;</pre>
1.33      avankest 2169: 
1.139     avankest 2170:   <p>The <dfn id=security-err><code>SECURITY_ERR</code></dfn> exception is
                   2171:    raised if an attempt is made to perform an operation or access some data
                   2172:    in a way that would be a security risk or a violation of the user agent's
                   2173:    security policy.</p>
                   2174:   <!-- http://lists.w3.org/Archives/Public/public-webapi/2006May/0027.html -->
                   2175: 
1.35      avankest 2176:   <p>The <dfn id=network-err><code>NETWORK_ERR</code></dfn> exception is
1.139     avankest 2177:    raised when a network error occurs in synchronous requests.
1.122     avankest 2178: 
1.139     avankest 2179:   <p>The <dfn id=abort-err><code>ABORT_ERR</code></dfn> exception is raised
1.122     avankest 2180:    when the user aborts a request in synchronous requests.
                   2181: 
1.242     avankest 2182:   <p class=note>These exceptions will be folded into an update of DOM Level 3
                   2183:    Core in due course, as they are appropriate for other API specifications
1.200     avankest 2184:    as well.
                   2185: 
1.250     avankest 2186:   <h2 class=no-num id=references>References</h2>
1.2       avankest 2187: 
1.178     avankest 2188:   <p>Unless marked "Non-normative" these references are normative.
                   2189: 
1.7       avankest 2190:   <dl>
1.232     avankest 2191:    <dt>[<dfn id=ref-cookies>COOKIES</dfn>]
1.205     avankest 2192: 
1.273     avankest 2193:    <dd><cite><a
                   2194:     href="http://tools.ietf.org/html/draft-ietf-httpstate-cookie">HTTP State
                   2195:     Management Mechanism</a></cite> (work in progress), A. Barth. IETF.
1.205     avankest 2196: 
1.156     avankest 2197:    <dt>[<dfn id=ref-dom2events>DOM2Events</dfn>]
                   2198: 
                   2199:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-2-Events/">Document
1.272     avankest 2200:     Object Model (DOM) Level 2 Events Specification</a></cite>, T. Pixley.
                   2201:     W3C.
1.156     avankest 2202: 
1.146     avankest 2203:    <dt>[<dfn id=ref-dom3core>DOM3Core</dfn>]
1.2       avankest 2204: 
1.15      avankest 2205:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core">Document Object
                   2206:     Model (DOM) Level 3 Core Specification</a></cite>, A. Le Hors, P. Le
1.272     avankest 2207:     H&eacute;garet, L. Wood, G. Nicol, J. Robie, M. Champion, S. Byrne. W3C.
1.2       avankest 2208: 
1.39      avankest 2209:    <dt>[<dfn id=ref-ecmascript>ECMAScript</dfn>]
1.18      avankest 2210: 
                   2211:    <dd><cite><a
                   2212:     href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript
1.272     avankest 2213:     Language Specification</a></cite>. ECMA.
1.18      avankest 2214: 
1.146     avankest 2215:    <dt>[<dfn id=ref-html5>HTML5</dfn>]
1.143     avankest 2216: 
1.252     avankest 2217:    <dd><cite><a href="http://www.w3.org/html/wg/html5/">HTML5</a></cite>
1.272     avankest 2218:     (work in progress), I. Hickson. W3C.
1.172     avankest 2219: 
                   2220:    <dd><cite><a
1.295     avankest 2221:     href="http://www.whatwg.org/specs/web-apps/current-work/">HTML5</a></cite>
1.272     avankest 2222:     (work in progress), I. Hickson. WHATWG.
1.18      avankest 2223: 
1.199     avankest 2224:    <dt>[<dfn id=ref-httpverbsec>HTTPVERBSEC</dfn>]
                   2225: 
                   2226:    <dd>(Non-normative) <cite><a
                   2227:     href="http://www.kb.cert.org/vuls/id/867593">Multiple vendors' web
                   2228:     servers enable HTTP TRACE method by default</a></cite>, US-CERT.
                   2229: 
                   2230:    <dd>(Non-normative) <cite><a
                   2231:     href="http://www.kb.cert.org/vuls/id/288308">Microsoft Internet
                   2232:     Information Server (IIS) vulnerable to cross-site scripting via HTTP
                   2233:     TRACK method</a></cite>, US-CERT.
                   2234: 
                   2235:    <dd>(Non-normative) <cite><a
                   2236:     href="http://www.kb.cert.org/vuls/id/150227">HTTP proxy default
                   2237:     configurations allow arbitrary TCP connections</a></cite>, US-CERT.
                   2238: 
1.250     avankest 2239:    <dt>[<dfn id=ref-rfc2046>RFC2046</dfn>]
                   2240: 
                   2241:    <dd><cite><a href="http://ietf.org/rfc/rfc2046">Multipurpose Internet Mail
                   2242:     Extensions (MIME) Part Two: Media Types</a></cite>, N. Freed, N.
1.272     avankest 2243:     Borenstein. IETF.
1.250     avankest 2244: 
1.146     avankest 2245:    <dt>[<dfn id=ref-rfc2119>RFC2119</dfn>]
1.15      avankest 2246: 
1.118     avankest 2247:    <dd><cite><a href="http://ietf.org/rfc/rfc2119">Key words for use in RFCs
1.272     avankest 2248:     to Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
1.15      avankest 2249: 
1.250     avankest 2250:    <dt>[<dfn id=rfc-rfc2616>RFC2616</dfn>]
1.15      avankest 2251: 
                   2252:    <dd><cite><a href="http://ietf.org/rfc/rfc2616">Hypertext Transfer
                   2253:     Protocol -- HTTP/1.1</a></cite>, R. Fielding, J. Gettys, J. Mogul, H.
1.272     avankest 2254:     Frystyk, L. Masinter, P. Leach, T. Berners-Lee. IETF.
1.15      avankest 2255: 
1.39      avankest 2256:    <dt>[<dfn id=ref-rfc2617>RFC2617</dfn>]
1.15      avankest 2257: 
                   2258:    <dd><cite><a href="http://ietf.org/rfc/rfc2617">HTTP Authentication: Basic
1.93      avankest 2259:     and Digest Access Authentication</a></cite>, P. Hallam-Baker, J.
1.272     avankest 2260:     Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart. IETF.
1.2       avankest 2261: 
1.39      avankest 2262:    <dt>[<dfn id=ref-rfc3986>RFC3986</dfn>]
1.2       avankest 2263: 
1.15      avankest 2264:    <dd><cite><a href="http://ietf.org/rfc/rfc3986">Uniform Resource
                   2265:     Identifier (URI): Generic Syntax</a></cite>, T. Berners-Lee, R. Fielding,
1.272     avankest 2266:     L. Masinter. IETF.
1.188     avankest 2267: 
1.250     avankest 2268:    <dt>[<dfn id=ref-rfc3987>RFC3987</dfn>]
                   2269: 
                   2270:    <dd><cite><a href="http://ietf.org/rfc/rfc3987">Internationalized Resource
1.272     avankest 2271:     Identifiers (IRIs)</a></cite>, M. Duerst, M. Suignard. IETF.
1.250     avankest 2272: 
1.205     avankest 2273:    <dt>[<dfn id=ref-webidl>WebIDL</dfn>]
1.182     avankest 2274: 
1.201     avankest 2275:    <dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web
1.272     avankest 2276:     IDL</a></cite> (work in progress), C. McCormack. W3C.</dd>
1.252     avankest 2277:    <!-- XXX add Sam -->
1.182     avankest 2278: 
1.43      avankest 2279:    <dt>[<dfn id=ref-xml>XML</dfn>]
                   2280: 
                   2281:    <dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language
1.272     avankest 2282:     (XML) 1.0</a></cite>, T. Bray, J. Paoli, C. Sperberg-McQueen, E. Maler,
                   2283:     F. Yergeau. W3C.
1.43      avankest 2284: 
1.272     avankest 2285:    <dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in
                   2286:     XML</a></cite>, T. Bray, D. Hollander, A. Layman, R. Tobin, H. S.
                   2287:     Thompson. W3C.
1.2       avankest 2288:   </dl>
                   2289: 
1.131     avankest 2290:   <h2 class=no-num id=acknowledgments>Acknowledgments</h2>
1.2       avankest 2291: 
1.164     avankest 2292:   <p>The editor would like to thank Addison Phillips, Ahmed Kamel, Alex
                   2293:    Hopmann, Alex Vincent, Alexey Proskuryakov, Asbj&oslash;rn Ulsberg, Boris
                   2294:    Zbarsky, Bj&ouml;rn H&ouml;hrmann, Cameron McCormack, Christophe Jolif,
1.250     avankest 2295:    Charles McCathieNevile, Dan Winship, David Andersson, David
                   2296:    H&aring;s&auml;ther, David Levin, Dean Jackson, Denis Sureau, Doug
                   2297:    Schepers, Douglas Livingstone, Elliotte Harold, Eric Lawrence, Erik
                   2298:    Dahlstr&ouml;m, Geoffrey Sneddon, Gideon Cohn, Gorm Haug Eriksen,
                   2299:    H&aring;kon Wium Lie, Hallvord R. M. Steen, Huub Schaeks, Ian Davis, Ian
                   2300:    Hickson, Ivan Herman, Jeff Walden, Jens Lindstr&ouml;m, Jim Deegan, Jim
                   2301:    Ley, Joe Farro, Jonas Sicking, Julian Reschke, Karl Dubost, Lachlan Hunt,
                   2302:    Maciej Stachowiak, Magnus Kristiansen, Marc Hadley, Marcos Caceres, Mark
1.272     avankest 2303:    Baker, Mark Birbeck, Mark Nottingham, Mark S. Miller, Martin Hassman,
                   2304:    Mohamed Zergaoui, Olli Pettay, Pawel Glowacki, Peter Michaux, Philip
                   2305:    Taylor, Robin Berjon, Rune Halvorsen, Ruud Steltenpool, Simon Pieters,
                   2306:    Stewart Brodie, Sunava Dutta, Thomas Roessler, Tom Magliery, and Zhenbin
                   2307:    Xu for their contributions to this specification.
1.2       avankest 2308: 
                   2309:   <p>Special thanks to the Microsoft employees who first implemented the
1.144     avankest 2310:    <code title="">XMLHttpRequest</code> interface, which was first widely
                   2311:    deployed by the Windows Internet Explorer browser.
1.2       avankest 2312: 
1.56      avankest 2313:   <p>Special thanks also to the WHATWG for drafting an initial version of
1.131     avankest 2314:    this specification in their Web Applications 1.0 document (now renamed to
1.252     avankest 2315:    HTML5). [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2       avankest 2316: 
                   2317:   <p>Thanks also to all those who have helped to improve this specification
                   2318:    by sending suggestions and corrections. (Please, keep bugging us with your
                   2319:    issues!)

Webmaster