Annotation of 2006/webapi/XMLHttpRequest/Overview.html, revision 1.330

1.1       avankest    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
1.2       avankest    2: 
1.25      avankest    3: <html lang=en-US>
1.1       avankest    4:  <head>
1.209     avankest    5:   <title>XMLHttpRequest</title>
1.2       avankest    6: 
1.20      avankest    7:   <style type="text/css">
1.118     avankest    8:    pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
1.20      avankest    9:    pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
1.60      avankest   10:    pre code { color:inherit; background:transparent }
1.20      avankest   11:    div.example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
1.90      avankest   12:    .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
1.20      avankest   13:    p.note::before { content:"Note: " }
1.205     avankest   14:    .XXX { padding:.5em; border:solid #f00 }
                     15:    p.XXX::before { content:"Issue: " }
1.120     avankest   16:    dl.switch { padding-left:2em }
1.250     avankest   17:    dl.switch > dt { text-indent:-1.5em }
                     18:    dl.switch > dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
1.274     avankest   19:    dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; }
                     20:    dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; }
                     21:    dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; }
                     22:    dl.domintro dd p { margin: 0.5em 0; }
                     23:    dl.domintro:before { display: table; margin: -1em -0.5em -0.5em auto; width: auto; content: 'This box is non-normative. Implementation requirements are given below this box.'; color: red; border: solid 2px; background: white; padding: 0 0.25em; }
1.232     avankest   24:    em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
                     25:    dfn { font-weight:bold; font-style:normal }
                     26:    code { color:orangered }
                     27:    code :link, code :visited { color:inherit }
                     28:    hr:not(.top) { display:block; background:none; border:none; padding:0; margin:2em 0; height:auto }
                     29:    table { border-collapse:collapse; border-style:hidden hidden none hidden }
                     30:    table thead { border-bottom:solid }
                     31:    table tbody th:first-child { border-left:solid }
                     32:    table td, table th { border-left:solid; border-right:solid; border-bottom:solid thin; vertical-align:top; padding:0.2em }
                     33:   </style>
1.296     avankest   34:   <link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel=stylesheet>
1.2       avankest   35: 
1.1       avankest   36:  <body>
1.25      avankest   37:   <div class=head>
                     38:    <p><a href="http://www.w3.org/"><img alt=W3C height=48
                     39:     src="http://www.w3.org/Icons/w3c_home" width=72></a></p>
1.2       avankest   40: 
1.231     avankest   41:    <h1 class=head id=the-xmlhttprequest-object>XMLHttpRequest</h1>
1.2       avankest   42: 
1.329     avankest   43:    <h2 class="no-num no-toc" id=w3c-doctype>Editor's Draft 8 February 2011</h2>
1.2       avankest   44: 
1.1       avankest   45:    <dl>
1.154     avankest   46:     <dt>This Version:
1.2       avankest   47: 
                     48:     <dd><a
1.329     avankest   49:      href="http://www.w3.org/TR/2011/ED-XMLHttpRequest-20110208/">http://www.w3.org/TR/2011/ED-XMLHttpRequest-20110208/</a>
1.2       avankest   50: 
1.14      avankest   51:     <dt>Latest Version:
1.2       avankest   52: 
                     53:     <dd><a
                     54:      href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a>
                     55: 
1.190     avankest   56:     <dt>Latest Editor Version:
                     57: 
                     58:     <dd><a
                     59:      href="http://dev.w3.org/2006/webapi/XMLHttpRequest/">http://dev.w3.org/2006/webapi/XMLHttpRequest/</a>
                     60: 
1.14      avankest   61:     <dt>Previous Versions:
1.2       avankest   62: 
                     63:     <dd><a
1.296     avankest   64:      href="http://www.w3.org/TR/2010/CR-XMLHttpRequest-20100803/">http://www.w3.org/TR/2010/CR-XMLHttpRequest-20100803/</a>
                     65: 
                     66:     <dd><a
1.293     avankest   67:      href="http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/">http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/</a>
                     68: 
                     69:     <dd><a
1.233     avankest   70:      href="http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/">http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/</a>
                     71: 
                     72:     <dd><a
1.174     avankest   73:      href="http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/">http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/</a>
                     74: 
                     75:     <dd><a
1.155     avankest   76:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
                     77: 
                     78:     <dd><a
1.134     avankest   79:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
                     80: 
                     81:     <dd><a
1.60      avankest   82:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
                     83: 
                     84:     <dd><a
1.25      avankest   85:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
                     86: 
                     87:     <dd><a
1.2       avankest   88:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
                     89: 
                     90:     <dd><a
                     91:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
                     92: 
                     93:     <dt>Editor:
                     94: 
                     95:     <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a> (<a
                     96:      href="http://www.opera.com/">Opera Software ASA</a>) &lt;<a
                     97:      href="mailto:annevk@opera.com">annevk@opera.com</a>&gt;
1.1       avankest   98:    </dl>
1.2       avankest   99: 
1.25      avankest  100:    <p class=copyright><a
1.2       avankest  101:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
1.320     avankest  102:     &copy; 2010 <a href="http://www.w3.org/"><acronym title="World Wide Web
1.53      avankest  103:     Consortium">W3C</acronym></a><sup>&reg;</sup> (<a
                    104:     href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute
                    105:     of Technology">MIT</acronym></a>, <a
                    106:     href="http://www.ercim.org/"><acronym title="European Research Consortium
                    107:     for Informatics and Mathematics">ERCIM</acronym></a>, <a
1.2       avankest  108:     href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
                    109:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
                    110:     <a
                    111:     href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
                    112:     and <a
                    113:     href="http://www.w3.org/Consortium/Legal/copyright-documents">document
                    114:     use</a> rules apply.</p>
1.1       avankest  115:   </div>
1.2       avankest  116: 
                    117:   <hr>
                    118: 
1.25      avankest  119:   <h2 class="no-num no-toc" id=specabstract>Abstract</h2>
1.2       avankest  120: 
1.231     avankest  121:   <p>The XMLHttpRequest specification defines an API that provides scripted
                    122:    client functionality for transferring data between a client and a server.
1.25      avankest  123: 
                    124:   <h2 class="no-num no-toc" id=sotd>Status of this Document</h2>
1.2       avankest  125: 
                    126:   <p><em>This section describes the status of this document at the time of
                    127:    its publication. Other documents may supersede this document. A list of
                    128:    current W3C publications and the latest revision of this technical report
                    129:    can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
1.173     avankest  130:    index</a> at http://www.w3.org/TR/.</em>
1.2       avankest  131: 
1.329     avankest  132:   <p>This is the 8 February 2011 <!--Last Call Working Draft-->Editor's Draft
1.323     avankest  133:    of XMLHttpRequest. Please send comments to <a
1.250     avankest  134:    href="mailto:public-webapps@w3.org?subject=[XHR]%20">public-webapps@w3.org</a>
                    135:    (<a
1.209     avankest  136:    href="http://lists.w3.org/Archives/Public/public-webapps/">archived</a>)
1.250     avankest  137:    with <samp>[XHR]</samp> at the start of the subject line.
1.49      avankest  138: 
1.292     avankest  139:   <p>For the last Last Call Working Draft the Working Group has kept a <a
                    140:    href="http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-3">disposition
1.295     avankest  141:    of comments</a> document. A <a
                    142:    href="http://dev.w3.org/cvsweb/2006/webapi/XMLHttpRequest/Overview.src.html">list
                    143:    of changes</a> is available via a Web view of CVS. (Due to the way the
                    144:    document is edited certain commit messages have introduced negligible
                    145:    changes to this document and are in fact only relevant for XMLHttpRequest
                    146:    Level 2.)
1.292     avankest  147: 
1.49      avankest  148:   <p>This document is produced by the <a
1.209     avankest  149:    href="http://www.w3.org/2008/webapps/">Web Applications</a> (WebApps)
1.250     avankest  150:    Working Group. The WebApps Working Group is part of the <a
1.209     avankest  151:    href="http://www.w3.org/2006/rwc/Activity">Rich Web Clients Activity</a>
                    152:    in the W3C <a href="http://www.w3.org/Interaction/">Interaction
1.250     avankest  153:    Domain</a>.
1.2       avankest  154: 
                    155:   <p>This document was produced by a group operating under the <a
                    156:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
1.54      avankest  157:    2004 W3C Patent Policy</a>. W3C maintains a <a
1.209     avankest  158:    href="http://www.w3.org/2004/01/pp-impl/42538/status"
1.25      avankest  159:    rel=disclosure>public list of any patent disclosures</a> made in
1.2       avankest  160:    connection with the deliverables of the group; that page also includes
                    161:    instructions for disclosing a patent. An individual who has actual
                    162:    knowledge of a patent which the individual believes contains <a
                    163:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
                    164:    Claim(s)</a> must disclose the information in accordance with <a
                    165:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
                    166:    6 of the W3C Patent Policy</a>.
                    167: 
1.296     avankest  168:   <p>Publication as a Working Draft does not imply endorsement by the W3C
                    169:    Membership. This is a draft document and may be updated, replaced or
                    170:    obsoleted by other documents at any time. It is inappropriate to cite this
                    171:    document as other than work in progress.
1.250     avankest  172: 
1.273     avankest  173:   <h3 class="no-num no-toc" id=crec>Candidate Recommendation Exit Criteria</h3>
                    174: 
                    175:   <p>To exit the Candidate Recommendation (CR) stage the following criteria
                    176:    <em class=ct>must</em> have been met:
                    177: 
                    178:   <ol>
                    179:    <li>There will be at least two interoperable implementations passing all
1.291     avankest  180:     test cases in the <a
                    181:     href="http://test.w3.org/webapps/tests/XMLHttpRequest/info.htm">test
                    182:     suite</a> for this specification. An implementation is to be available
                    183:     (i.e. for download), shipping (i.e. not private), and not experimental
                    184:     (i.e. intended for a wide audience). The working group will decide when
1.295     avankest  185:     the test suite is of sufficient quality to test interoperability and will
                    186:     produce implementation reports (hosted together with the test suite).
1.273     avankest  187: 
1.296     avankest  188:    <li>A minimum of six months of the CR stage will have elapsed. This is to
                    189:     ensure that enough time is given for any remaining major errors to be
                    190:     caught. The CR period will be extended if implementations are slow to
                    191:     appear.</li>
                    192:    <!-- XXX need to add date -->
1.287     avankest  193: 
1.288     avankest  194:    <li>Text, which can be in a separate document, exists that explains the
                    195:     security considerations for this specification. This may be done in a
                    196:     generic manner as they are most likely applicable to various APIs. The
                    197:     working group will decide whether the text is of sufficient quality.
1.273     avankest  198:   </ol>
                    199: 
1.25      avankest  200:   <h2 class="no-num no-toc" id=toc>Table of Contents</h2>
1.2       avankest  201:   <!--begin-toc-->
                    202: 
1.25      avankest  203:   <ul class=toc>
1.248     avankest  204:    <li><a href="#introduction"><span class=secno>1. </span>Introduction</a>
1.154     avankest  205: 
1.250     avankest  206:    <li><a href="#conformance"><span class=secno>2. </span>Conformance
                    207:     Criteria</a>
1.25      avankest  208:     <ul class=toc>
1.248     avankest  209:      <li><a href="#dependencies"><span class=secno>2.1.
1.154     avankest  210:       </span>Dependencies</a>
1.2       avankest  211: 
1.248     avankest  212:      <li><a href="#terminology"><span class=secno>2.2. </span>Terminology</a>
                    213:       
1.81      avankest  214: 
1.248     avankest  215:      <li><a href="#extensibility"><span class=secno>2.3.
1.154     avankest  216:       </span>Extensibility</a>
                    217:     </ul>
1.81      avankest  218: 
1.250     avankest  219:    <li><a href="#the-xmlhttprequest-interface"><span class=secno>3.
1.248     avankest  220:     </span>The <code title="">XMLHttpRequest</code> Interface</a>
1.25      avankest  221:     <ul class=toc>
1.250     avankest  222:      <li><a href="#origin-and-base-url"><span class=secno>3.1. </span>Origin
1.205     avankest  223:       and Base URL</a>
1.33      avankest  224: 
1.250     avankest  225:      <li><a href="#task-sources"><span class=secno>3.2. </span>Task
1.205     avankest  226:       Sources</a>
                    227: 
1.250     avankest  228:      <li><a href="#constructors"><span class=secno>3.3.
1.213     avankest  229:       </span>Constructors</a>
1.205     avankest  230: 
1.250     avankest  231:      <li><a href="#event-handler-attributes"><span class=secno>3.4.
1.207     avankest  232:       </span>Event Handler Attributes</a>
1.205     avankest  233: 
1.250     avankest  234:      <li><a href="#states"><span class=secno>3.5. </span>States</a>
1.205     avankest  235: 
1.250     avankest  236:      <li><a href="#request"><span class=secno>3.6. </span>Request</a>
1.205     avankest  237:       <ul class=toc>
1.250     avankest  238:        <li><a href="#the-open-method"><span class=secno>3.6.1. </span>The
1.205     avankest  239:         <code title="">open()</code> method</a>
                    240: 
1.250     avankest  241:        <li><a href="#the-setrequestheader-method"><span class=secno>3.6.2.
1.205     avankest  242:         </span>The <code title="">setRequestHeader()</code> method</a>
                    243: 
1.250     avankest  244:        <li><a href="#the-send-method"><span class=secno>3.6.3. </span>The
1.205     avankest  245:         <code title="">send()</code> method</a>
                    246: 
1.214     avankest  247:        <li><a href="#infrastructure-for-the-send-method"><span
1.250     avankest  248:         class=secno>3.6.4. </span>Infrastructure for the <code
1.214     avankest  249:         title="">send()</code> method</a>
                    250: 
1.250     avankest  251:        <li><a href="#the-abort-method"><span class=secno>3.6.5. </span>The
1.205     avankest  252:         <code title="">abort()</code> method</a>
                    253:       </ul>
                    254: 
1.250     avankest  255:      <li><a href="#response"><span class=secno>3.7. </span>Response</a>
1.205     avankest  256:       <ul class=toc>
1.250     avankest  257:        <li><a href="#the-status-attribute"><span class=secno>3.7.1.
1.248     avankest  258:         </span>The <code title="">status</code> attribute</a>
1.205     avankest  259: 
1.250     avankest  260:        <li><a href="#the-statustext-attribute"><span class=secno>3.7.2.
1.205     avankest  261:         </span>The <code title="">statusText</code> attribute</a>
                    262: 
1.250     avankest  263:        <li><a href="#the-getresponseheader-method"><span class=secno>3.7.3.
1.205     avankest  264:         </span>The <code title="">getResponseHeader()</code> method</a>
                    265: 
                    266:        <li><a href="#the-getallresponseheaders-method"><span
1.250     avankest  267:         class=secno>3.7.4. </span>The <code
1.205     avankest  268:         title="">getAllResponseHeaders()</code> method</a>
                    269: 
1.250     avankest  270:        <li><a href="#response-entity-body0"><span class=secno>3.7.5.
1.205     avankest  271:         </span>Response Entity Body</a>
                    272: 
1.250     avankest  273:        <li><a href="#the-responsetext-attribute"><span class=secno>3.7.6.
1.205     avankest  274:         </span>The <code title="">responseText</code> attribute</a>
                    275: 
1.250     avankest  276:        <li><a href="#the-responsexml-attribute"><span class=secno>3.7.7.
1.205     avankest  277:         </span>The <code title="">responseXML</code> attribute</a>
                    278:       </ul>
1.242     avankest  279:     </ul>
1.205     avankest  280: 
1.250     avankest  281:    <li><a href="#exceptions"><span class=secno>4. </span>Exceptions</a>
1.2       avankest  282: 
1.250     avankest  283:    <li class=no-num><a href="#references">References</a>
1.2       avankest  284: 
1.131     avankest  285:    <li class=no-num><a href="#acknowledgments">Acknowledgments</a>
1.2       avankest  286:   </ul>
                    287:   <!--end-toc-->
                    288: 
1.248     avankest  289:   <h2 id=introduction><span class=secno>1. </span>Introduction</h2>
1.2       avankest  290: 
                    291:   <p><em>This section is non-normative.</em>
                    292: 
1.270     avankest  293:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  294:    implements an interface exposed by a scripting engine that allows scripts
                    295:    to perform HTTP client functionality, such as submitting form data or
                    296:    loading data from a server. It is the ECMAScript HTTP API.
1.2       avankest  297: 
1.270     avankest  298:   <p>The name of the object is <a
                    299:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> for compatibility
                    300:    with the Web, though each component of this name is potentially
                    301:    misleading. First, the object supports any text based format, including
                    302:    XML. Second, it can be used to make requests over both HTTP and HTTPS
                    303:    (some implementations support protocols in addition to HTTP and HTTPS, but
                    304:    that functionality is not covered by this specification). Finally, it
                    305:    supports "requests" in a broad sense of the term as it pertains to HTTP;
                    306:    namely all activity involved with HTTP requests or responses for the
                    307:    defined HTTP methods.
1.2       avankest  308: 
1.25      avankest  309:   <div class=example>
1.18      avankest  310:    <p>Some simple code to do something with data from an XML document fetched
                    311:     over the network:</p>
                    312: 
1.312     avankest  313:    <pre><code>function processData(data) {
1.316     avankest  314:   // taking care of data
1.18      avankest  315: }
                    316: 
                    317: function handler() {
1.316     avankest  318:   if(this.readyState == this.DONE) {
                    319:     if(this.status == 200 &amp;&amp;
                    320:        this.responseXML != null &amp;&amp;
                    321:        this.responseXML.getElementById('test').textContent) {
1.312     avankest  322:       // success!
                    323:       processData(this.responseXML.getElementById('test').textContent);
                    324:       return;
                    325:     }
1.316     avankest  326:     // something went wrong
                    327:     processData(null);
1.312     avankest  328:   }
1.18      avankest  329: }
                    330: 
                    331: var client = new XMLHttpRequest();
                    332: client.onreadystatechange = handler;
1.252     avankest  333: client.open("GET", "unicorn.xml");
1.60      avankest  334: client.send();</code></pre>
1.18      avankest  335: 
1.58      avankest  336:    <p>If you just want to log a message to the server:</p>
1.18      avankest  337: 
1.60      avankest  338:    <pre><code>function log(message) {
1.312     avankest  339:   var client = new XMLHttpRequest();
                    340:   client.open("POST", "/log");
                    341:   client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
                    342:   client.send(message);
1.60      avankest  343: }</code></pre>
1.18      avankest  344: 
                    345:    <p>Or if you want to check the status of a document on the server:</p>
                    346: 
1.60      avankest  347:    <pre><code>function fetchStatus(address) {
1.312     avankest  348:   var client = new XMLHttpRequest();
                    349:   client.onreadystatechange = function() {
                    350:     // in case of network errors this might not give reliable results
1.314     avankest  351:     if(this.readyState == this.DONE)
1.312     avankest  352:       returnStatus(this.status);
                    353:   }
                    354:   client.open("HEAD", address);
                    355:   client.send();
1.60      avankest  356: }</code></pre>
1.18      avankest  357:   </div>
1.2       avankest  358: 
1.250     avankest  359:   <h2 id=conformance><span class=secno>2. </span>Conformance Criteria</h2>
1.2       avankest  360: 
1.29      avankest  361:   <p>Everything in this specification is normative except for diagrams,
1.2       avankest  362:    examples, notes and sections marked non-normative.
                    363: 
1.25      avankest  364:   <p>The key words <em class=ct>must</em>, <em class=ct>must not</em>, <em
1.261     avankest  365:    class=ct>should</em>, <em class=ct>should not</em>, and <em
                    366:    class=ct>may</em> in this document are to be interpreted as described in
                    367:    RFC 2119. [<cite><a href="#ref-rfc2119">RFC2119</a></cite>]
1.2       avankest  368: 
1.304     avankest  369:   <p>This specification defines a single conformance class:
1.2       avankest  370: 
                    371:   <dl>
1.75      avankest  372:    <dt><dfn id=conforming-user-agent>Conforming user agent</dfn>
1.2       avankest  373: 
1.75      avankest  374:    <dd>
                    375:     <p>A user agent <em class=ct>must</em> behave as described in this
1.107     avankest  376:      specification in order to be considered conformant.</p>
1.75      avankest  377: 
1.141     avankest  378:     <p>User agents <em class=ct>may</em> implement algorithms given in this
                    379:      specification in any way desired, so long as the end result is
                    380:      indistinguishable from the result that would be obtained by the
                    381:      specification's algorithms.</p>
1.2       avankest  382: 
1.96      avankest  383:     <p class=note>This specification uses both the terms "conforming user
                    384:      agent(s)" and "user agent(s)" to refer to this product class.</p>
1.2       avankest  385:   </dl>
                    386: 
1.248     avankest  387:   <h3 id=dependencies><span class=secno>2.1. </span>Dependencies</h3>
1.2       avankest  388: 
1.31      avankest  389:   <p>This specification relies on several underlying specifications.
1.2       avankest  390: 
1.31      avankest  391:   <dl>
                    392:    <dt>DOM
1.2       avankest  393: 
1.31      avankest  394:    <dd>
1.314     avankest  395:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    396:      class=ct>must</em> support at least the subset of the functionality
                    397:      defined in DOM Events and DOM Core that this specification relies upon,
                    398:      such as various exceptions and <code>EventTarget</code>. [<cite><a
1.156     avankest  399:      href="#ref-dom2events">DOM2Events</a></cite>] [<cite><a
                    400:      href="#ref-dom3core">DOM3Core</a></cite>]
1.2       avankest  401: 
1.330   ! avankest  402:    <dt>HTML
1.162     avankest  403: 
                    404:    <dd>
1.183     avankest  405:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
1.190     avankest  406:      class=ct>must</em> support at least the subset of the functionality
1.330   ! avankest  407:      defined in HTML that this specification relies upon, such as the basics
1.252     avankest  408:      of the <code>Window</code> object and serializing a
1.198     avankest  409:      <code>Document</code> object. [<cite><a
1.330   ! avankest  410:      href="#ref-html">HTML</a></cite>]</p>
1.162     avankest  411: 
1.31      avankest  412:    <dt>HTTP
1.11      avankest  413: 
1.31      avankest  414:    <dd>
1.304     avankest  415:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    416:      class=ct>must</em> support some version of the HTTP protocol.
                    417:      Requirements regarding HTTP are made throughout the specification.
                    418:      [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.182     avankest  419: 
                    420:    <dt>Web IDL
                    421: 
1.250     avankest  422:    <dd>
                    423:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    424:      class=ct>must</em> also be a conforming implementation of the IDL
                    425:      fragments in this specification, as described in the Web IDL
                    426:      specification. [<cite><a href="#ref-webidl">WebIDL</a></cite>]
1.304     avankest  427: 
                    428:    <dt>XML
                    429: 
                    430:    <dd>
                    431:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    432:      class=ct>must</em> be a conforming XML processor that reports violations
                    433:      of namespace well-formedness. [<cite><a href="#ref-xml">XML</a></cite>]
1.31      avankest  434:   </dl>
1.2       avankest  435: 
1.248     avankest  436:   <h3 id=terminology><span class=secno>2.2. </span>Terminology</h3>
1.211     avankest  437: 
1.286     avankest  438:   <p><dfn id=dfn-obtain-unicode>Convert a DOMString to a sequence of Unicode
1.235     avankest  439:    characters</dfn> is defined by the Web IDL specification. [<cite><a
                    440:    href="#ref-webidl">WebIDL</a></cite>]
                    441: 
1.259     avankest  442:   <p>The terms and algorithms <dfn
                    443:    id=url-fragment><code>&lt;fragment></code></dfn>, <dfn
                    444:    id=url-scheme><code>&lt;scheme></code></dfn>, <dfn
1.325     avankest  445:    id=document-base-url>document base URL</dfn>, <dfn
1.259     avankest  446:    id=document-character-encoding>document's character encoding</dfn>, <dfn
                    447:    id=event-handler-attributes-0>event handler attributes</dfn>, <dfn
                    448:    id=event-handler-event-type>event handler event type</dfn>, <dfn
1.262     avankest  449:    id=fetch>fetch</dfn>, <dfn id=fully-active>fully active</dfn>, <dfn
1.307     avankest  450:    id=function><code>Function</code></dfn>, <dfn id=html-documents>HTML
                    451:    documents</dfn>, <dfn id=dom-innerhtml
1.227     avankest  452:    title=dom-innerHTML><code>innerHTML</code></dfn>, <dfn
1.234     avankest  453:    id=origin>origin</dfn>, <dfn id=preferred-mime-name>preferred MIME
                    454:    name</dfn>, <dfn id=resolve-a-url>resolve a URL</dfn>, <dfn
1.227     avankest  455:    id=same-origin>same origin</dfn>, <dfn id=storage-mutex>storage
                    456:    mutex</dfn>, <dfn id=task>task</dfn>, <dfn id=task-source>task
1.254     avankest  457:    source</dfn>, <dfn id=task-queues>task queues</dfn>, <dfn
                    458:    id=url>URL</dfn>, <dfn id=url-character-encoding>URL character
                    459:    encoding</dfn>, <dfn id=queue-a-task>queue a task</dfn>, and <dfn
1.330   ! avankest  460:    id=valid-mime-type>valid MIME type</dfn> are defined by the HTML
        !           461:    specification. [<cite><a href="#ref-html">HTML</a></cite>]
1.205     avankest  462: 
                    463:   <p>The term <dfn id=entity-body>entity body</dfn> is used as described in
                    464:    RFC 2616. <dfn id=method-token>Method token</dfn> is used as described in
                    465:    section 5.1.1 of RFC 2616. <dfn
                    466:    id=field-name><code>field-name</code></dfn> and <dfn
                    467:    id=field-value><code>field-value</code></dfn> are used as described in
1.250     avankest  468:    section 4.2 of RFC 2616. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest  469: 
1.260     avankest  470:   <p>To <dfn id=deflate-a-domstring-into-a-byte-sequence>deflate a DOMString
                    471:    into a byte sequence</dfn> means to create a sequence of bytes such that
                    472:    the <var title="">n</var>th byte of the sequence is equal to the low-order
                    473:    byte of the <var title="">n</var>th code point in the original DOMString.
                    474: 
                    475:   <p>To <dfn id=inflate-a-byte-sequence-into-a-domstring>inflate a byte
                    476:    sequence into a DOMString</dfn> means to create a DOMString such that the
                    477:    <var title="">n</var>th code point has 0x00 as the high-order byte and the
                    478:    <var title="">n</var>th byte of the byte sequence as the low-order byte.
1.258     avankest  479: 
1.205     avankest  480:   <p><dfn id=userinfo><code>userinfo</code></dfn> is used as described in
                    481:    section 3.2.1 of RFC 3986. [<cite><a
                    482:    href="#ref-rfc3986">RFC3986</a></cite>]
                    483: 
                    484:   <p>To <dfn id=dispatch-readystatechange-event>dispatch a
                    485:    <code>readystatechange</code> event</dfn> means that an event with the
1.278     avankest  486:    name <code title=event-xhr-readystatechange>readystatechange</code>, which
                    487:    does not bubble and is not cancelable, and which uses the
                    488:    <code>Event</code> interface, is to be dispatched at the <a
1.270     avankest  489:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.156     avankest  490: 
1.248     avankest  491:   <h3 id=extensibility><span class=secno>2.3. </span>Extensibility</h3>
1.2       avankest  492: 
1.252     avankest  493:   <p>User agents, Working Groups, and other interested parties are
                    494:    <em>strongly encouraged</em> to discuss extensions on a relevant public
                    495:    forum, preferably <a
                    496:    href="mailto:public-webapps@w3.org">public-webapps@w3.org</a>. If this is
                    497:    for some reason not possible prefix the extension in some way and start
                    498:    the prefix with an uppercase letter. E.g. if company Foo wants to add a
                    499:    private method <code>bar()</code> it could be named <code>FooBar()</code>
                    500:    to prevent clashes with a potential future standardized
                    501:    <code>bar()</code>.
1.2       avankest  502: 
1.250     avankest  503:   <h2 id=the-xmlhttprequest-interface><span class=secno>3. </span>The <code
1.225     avankest  504:    title="">XMLHttpRequest</code> Interface</h2>
1.2       avankest  505: 
1.270     avankest  506:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.326     avankest  507:    be used by scripts to issue HTTP requests.
1.2       avankest  508: 
1.230     avankest  509:   <pre class=idl>[NoInterfaceObject]
                    510: interface <dfn id=xmlhttprequesteventtarget>XMLHttpRequestEventTarget</dfn> : EventTarget {
                    511:   // for future use
                    512: };
                    513: 
1.242     avankest  514: [<a href="#dom-xmlhttprequest" title=dom-XMLHttpRequest>Constructor</a>]
1.230     avankest  515: interface <dfn id=xmlhttprequest>XMLHttpRequest</dfn> : <a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a> {
1.208     avankest  516:   // <a href="#event-handler-attributes">event handler attributes</a>
1.278     avankest  517:            attribute <a href="#function">Function</a> <a href="#handler-xhr-onreadystatechange" title=handler-xhr-onreadystatechange>onreadystatechange</a>;
1.60      avankest  518: 
1.208     avankest  519:   // <a href="#states">states</a>
1.277     avankest  520:   const unsigned short <a href="#dom-xmlhttprequest-unsent" title=dom-XMLHttpRequest-UNSENT>UNSENT</a> = 0;
                    521:   const unsigned short <a href="#dom-xmlhttprequest-opened" title=dom-XMLHttpRequest-OPENED>OPENED</a> = 1;
                    522:   const unsigned short <a href="#dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a> = 2;
                    523:   const unsigned short <a href="#dom-xmlhttprequest-loading" title=dom-XMLHttpRequest-LOADING>LOADING</a> = 3;
                    524:   const unsigned short <a href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a> = 4;
1.282     avankest  525:   readonly attribute unsigned short <a href="#dom-xmlhttprequest-readystate" title=dom-XMLHttpRequest-readyState>readyState</a>;
1.60      avankest  526: 
1.207     avankest  527:   // <a href="#request">request</a>
1.279     avankest  528:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>);
                    529:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>);
                    530:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>);
                    531:   void <a href="#dom-xmlhttprequest-open" title=dom-XMLHttpRequest-open>open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>, DOMString? <var>password</var>);
1.284     avankest  532:   void <a href="#dom-xmlhttprequest-setrequestheader" title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader</a>(DOMString <var>header</var>, DOMString <var>value</var>);
1.276     avankest  533:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>();
1.309     avankest  534:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>(<span>Document</span> <var>data</var>);
1.276     avankest  535:   void <a href="#dom-xmlhttprequest-send" title=dom-XMLHttpRequest-send>send</a>([AllowAny] DOMString? <var>data</var>);
1.280     avankest  536:   void <a href="#dom-xmlhttprequest-abort" title=dom-XMLHttpRequest-abort>abort</a>();
1.60      avankest  537: 
1.207     avankest  538:   // <a href="#response">response</a>
1.281     avankest  539:   readonly attribute unsigned short <a href="#dom-xmlhttprequest-status" title=dom-XMLHttpRequest-status>status</a>;
                    540:   readonly attribute DOMString <a href="#dom-xmlhttprequest-statustext" title=dom-XMLHttpRequest-statusText>statusText</a>;
1.283     avankest  541:   DOMString <a href="#dom-xmlhttprequest-getresponseheader" title=dom-XMLHttpRequest-getResponseHeader>getResponseHeader</a>(DOMString <var>header</var>);
1.298     avankest  542:   DOMString <a href="#dom-xmlhttprequest-getallresponseheaders" title=dom-XMLHttpRequest-getAllResponseHeaders>getAllResponseHeaders</a>();
1.281     avankest  543:   readonly attribute DOMString <a href="#dom-xmlhttprequest-responsetext" title=dom-XMLHttpRequest-responseText>responseText</a>;
1.309     avankest  544:   readonly attribute <span>Document</span> <a href="#dom-xmlhttprequest-responsexml" title=dom-XMLHttpRequest-responseXML>responseXML</a>;
1.230     avankest  545: };</pre>
1.2       avankest  546: 
1.250     avankest  547:   <h3 id=origin-and-base-url><span class=secno>3.1. </span>Origin and Base
1.248     avankest  548:    URL</h3>
1.205     avankest  549: 
1.270     avankest  550:   <p>Each <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  551:    has an associated <dfn
1.205     avankest  552:    id=xmlhttprequest-origin><code>XMLHttpRequest</code> origin</dfn> and an
                    553:    <dfn id=xmlhttprequest-base-url><code>XMLHttpRequest</code> base
                    554:    URL</dfn>.
                    555: 
                    556:   <p>This specification defines their values when the global object is
1.270     avankest  557:    represented by the <code>Window</code> object. When the <a
                    558:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object is used in
                    559:    other contexts their values will have to be defined as appropriate for
                    560:    that context. That is considered to be out of scope for this
                    561:    specification.
1.205     avankest  562: 
                    563:   <p>In environments where the global object is represented by the
1.270     avankest  564:    <code>Window</code> object the <a
                    565:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object has an
                    566:    associated <dfn id=xmlhttprequest-document><code>XMLHttpRequest</code>
1.205     avankest  567:    <code>Document</code></dfn> which is the <code>Document</code> object
1.270     avankest  568:    associated with the <code>Window</code> object for which the <a
                    569:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> interface object
                    570:    was created.
1.205     avankest  571: 
                    572:   <p class=note>The <a
                    573:    href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    574:    <code>Document</code></a> is used to determine the <a
                    575:    href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                    576:    <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
1.245     avankest  577:    URL</a> at a later stage.
1.205     avankest  578: 
1.250     avankest  579:   <h3 id=task-sources><span class=secno>3.2. </span>Task Sources</h3>
1.205     avankest  580: 
1.253     avankest  581:   <p>The <a href="#task-source">task source</a> used by this specification is
                    582:    the <dfn id=xmlhttprequest-task-source><code>XMLHttpRequest</code> task
                    583:    source</dfn>.
1.205     avankest  584: 
1.250     avankest  585:   <h3 id=constructors><span class=secno>3.3. </span>Constructors</h3>
1.205     avankest  586: 
1.275     avankest  587:   <dl class=domintro>
                    588:    <dt><var title="">client</var> = new <a href="#dom-xmlhttprequest"><code
                    589:     title=dom-XMLHttpRequest>XMLHttpRequest</code></a>()
                    590: 
                    591:    <dd>Returns a new <a
                    592:     href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
                    593:   </dl>
                    594: 
1.271     avankest  595:   <p>When the <dfn id=dom-xmlhttprequest
                    596:    title=dom-XMLHttpRequest><code>XMLHttpRequest()</code></dfn> constructor
                    597:    is invoked, the user agent <em class=ct>must</em> return a new <a
1.270     avankest  598:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.205     avankest  599: 
1.250     avankest  600:   <h3 id=event-handler-attributes><span class=secno>3.4. </span>Event Handler
1.207     avankest  601:    Attributes</h3>
                    602: 
                    603:   <p>The following is the <a href="#event-handler-attributes-0" title="event
                    604:    handler attributes">event handler attribute</a> (and its corresponding <a
                    605:    href="#event-handler-event-type">event handler event type</a>) that <em
1.270     avankest  606:    class=ct>must</em> be supported as DOM attribute by the <a
                    607:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object:
1.207     avankest  608: 
                    609:   <table>
                    610:    <thead>
                    611:     <tr>
                    612:      <th><a href="#event-handler-attributes-0" title="event handler
                    613:       attributes">event handler attribute</a>
                    614: 
                    615:      <th><a href="#event-handler-event-type">event handler event type</a>
                    616: 
                    617:    <tbody>
                    618:     <tr>
1.278     avankest  619:      <td><dfn id=handler-xhr-onreadystatechange
                    620:       title=handler-xhr-onreadystatechange><code>onreadystatechange</code></dfn>
                    621:       
1.207     avankest  622: 
1.278     avankest  623:      <td><code title=event-xhr-readystatechange>readystatechange</code>
1.207     avankest  624:   </table>
                    625: 
1.250     avankest  626:   <h3 id=states><span class=secno>3.5. </span>States</h3>
1.205     avankest  627: 
1.282     avankest  628:   <dl class=domintro>
                    629:    <dt><var title="">client</var> . <a
                    630:     href="#dom-xmlhttprequest-readystate"><code
                    631:     title=dom-XMLHttpRequest-readyState>readyState</code></a>
                    632: 
                    633:    <dd>
                    634:     <p>Returns the current state.
                    635:   </dl>
                    636: 
1.270     avankest  637:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.282     avankest  638:    be in several states. The <dfn id=dom-xmlhttprequest-readystate
                    639:    title=dom-XMLHttpRequest-readyState><code>readyState</code></dfn>
                    640:    attribute <em class=ct>must</em> return the current state, which <em
                    641:    class=ct>must</em> be one of the following values:
1.205     avankest  642: 
                    643:   <dl>
1.277     avankest  644:    <dt><dfn id=dom-xmlhttprequest-unsent
                    645:     title=dom-XMLHttpRequest-UNSENT><code>UNSENT</code></dfn> (numeric value
                    646:     0)
1.125     avankest  647: 
1.205     avankest  648:    <dd>
                    649:     <p>The object has been constructed.
                    650: 
1.277     avankest  651:    <dt><dfn id=dom-xmlhttprequest-opened
                    652:     title=dom-XMLHttpRequest-OPENED><code>OPENED</code></dfn> (numeric value
                    653:     1)
1.205     avankest  654: 
                    655:    <dd>
1.279     avankest  656:     <p>The <a href="#dom-xmlhttprequest-open"><code
                    657:      title=dom-XMLHttpRequest-open>open()</code></a> method has been
                    658:      successfully invoked. During this state request headers can be set using
1.284     avankest  659:      <a href="#dom-xmlhttprequest-setrequestheader"><code
                    660:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest  661:      and the request can be made using the <a
1.276     avankest  662:      href="#dom-xmlhttprequest-send"><code
                    663:      title=dom-XMLHttpRequest-send>send()</code></a> method.
1.89      avankest  664: 
1.277     avankest  665:    <dt><dfn id="dom-xmlhttprequest-headers_received"
                    666:     title="dom-XMLHttpRequest-HEADERS_RECEIVED"><code>HEADERS_RECEIVED</code></dfn>
                    667:     (numeric value 2)
1.89      avankest  668: 
1.205     avankest  669:    <dd>
1.259     avankest  670:     <p>All redirects (if any) have been followed and all HTTP headers of the
                    671:      final response have been received. Several response members of the
1.205     avankest  672:      object are now available.
1.91      avankest  673: 
1.277     avankest  674:    <dt><dfn id=dom-xmlhttprequest-loading
                    675:     title=dom-XMLHttpRequest-LOADING><code>LOADING</code></dfn> (numeric
                    676:     value 3)
1.112     avankest  677: 
1.205     avankest  678:    <dd>
                    679:     <p>The <a href="#response-entity-body">response entity body</a> is being
                    680:      received.
1.91      avankest  681: 
1.277     avankest  682:    <dt><dfn id=dom-xmlhttprequest-done
                    683:     title=dom-XMLHttpRequest-DONE><code>DONE</code></dfn> (numeric value 4)
1.119     avankest  684: 
1.205     avankest  685:    <dd>
                    686:     <p>The data transfer has been completed or something went wrong during
                    687:      the transfer (e.g. infinite redirects).
                    688:   </dl>
1.116     avankest  689: 
1.277     avankest  690:   <p>The <a href="#dom-xmlhttprequest-opened"
                    691:    title=dom-XMLHttpRequest-OPENED>OPENED</a> state has an associated <dfn
                    692:    id=send-flag><code>send()</code> flag</dfn> that indicates whether the <a
                    693:    href="#dom-xmlhttprequest-send"><code
1.276     avankest  694:    title=dom-XMLHttpRequest-send>send()</code></a> method has been invoked.
                    695:    It can be either true or false and has an initial value of false.
1.205     avankest  696: 
1.314     avankest  697:   <p>The <dfn id=error-flag>error flag</dfn> indicates some type of network
                    698:    error or abortion. It is used during the <a
                    699:    href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
                    700:    state. It can be either true or false and has an initial value of false.
1.205     avankest  701: 
1.250     avankest  702:   <h3 id=request><span class=secno>3.6. </span>Request</h3>
1.112     avankest  703: 
1.270     avankest  704:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  705:    holds the following request metadata variables:
1.112     avankest  706: 
1.206     avankest  707:   <dl>
                    708:    <dt>The <dfn id=asynchronous-flag>asynchronous flag</dfn>
                    709: 
1.271     avankest  710:    <dd>True when <a href="#fetch" title=fetch>fetching</a> is done
                    711:     asychronously. False when fetching is done synchronously.
1.206     avankest  712: 
                    713:    <dt>The <dfn id=request-method>request method</dfn>
                    714: 
1.314     avankest  715:    <dd>The HTTP method used in the request.
1.206     avankest  716: 
                    717:    <dt>The <dfn id=request-url>request URL</dfn>
                    718: 
1.316     avankest  719:    <dd>The resolved <a href="#url">URL</a> used in the request.
1.206     avankest  720: 
                    721:    <dt>The <dfn id=request-username>request username</dfn>
                    722: 
                    723:    <dd>The username used in the request or null if there is no username.
                    724: 
                    725:    <dt>The <dfn id=request-password>request password</dfn>
                    726: 
                    727:    <dd>The password used in the request or null if there is no password.
1.112     avankest  728: 
1.206     avankest  729:    <dt>The <dfn id=author-request-headers>author request headers</dfn>
1.112     avankest  730: 
1.206     avankest  731:    <dd>A list consisting of HTTP header name/value pairs to be used in the
                    732:     request.
1.112     avankest  733: 
1.206     avankest  734:    <dt>The <dfn id=request-entity-body>request entity body</dfn>
1.112     avankest  735: 
1.314     avankest  736:    <dd>The <a href="#entity-body">entity body</a> used in the request or null
                    737:     if there is no <a href="#entity-body">entity body</a>.
1.206     avankest  738:   </dl>
1.205     avankest  739: 
1.250     avankest  740:   <h4 id=the-open-method><span class=secno>3.6.1. </span>The <code
1.205     avankest  741:    title="">open()</code> method</h4>
                    742: 
1.274     avankest  743:   <dl class=domintro>
1.275     avankest  744:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-open"><code
1.279     avankest  745:     title=dom-XMLHttpRequest-open>open(<var title="">method</var>, <var
                    746:     title="">url</var>, <var title="">async</var>, <var title="">user</var>,
                    747:     <var title="">password</var>)</code></a>
1.274     avankest  748: 
                    749:    <dd>
                    750:     <p>Sets the <a href="#request-method">request method</a>, <a
                    751:      href="#request-url">request URL</a>, <a
                    752:      href="#asynchronous-flag">asynchronous flag</a>, <a
                    753:      href="#request-username">request username</a>, and <a
1.285     avankest  754:      href="#request-password">request password</a>.</p>
                    755: 
                    756:     <p>Throws a <code>SYNTAX_ERR</code> exception if one of the following is
                    757:      true:</p>
                    758: 
                    759:     <ul>
                    760:      <li><var title="">method</var> is not a valid HTTP method.
                    761: 
                    762:      <li><var title="">url</var> cannot be resolved.
                    763: 
                    764:      <li><var title="">url</var> contains the <code>"user:password"</code>
                    765:       format in the <a href="#userinfo"><code>userinfo</code></a> production.
                    766:     </ul>
                    767: 
                    768:     <p>Throws a <a href="#security-err"><code>SECURITY_ERR</code></a>
                    769:      exception if <var title="">method</var> is a case-insensitive match for
                    770:      <code>CONNECT</code>, <code>TRACE</code> or <code>TRACK</code>.</p>
                    771: 
1.305     avankest  772:     <p>Throws an <code>INVALID_ACCESS_ERR</code> exception if either <var
                    773:      title="">user</var> or <var title="">password</var> is passed as
                    774:      argument and the <a href="#origin">origin</a> of <var title="">url</var>
                    775:      does not match the <a
                    776:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>.</p>
1.274     avankest  777:   </dl>
                    778: 
1.275     avankest  779:   <p>When the <dfn id=dom-xmlhttprequest-open
1.279     avankest  780:    title=dom-XMLHttpRequest-open><code>open(<var title="">method</var>, <var
                    781:    title="">url</var>, <var title="">async</var>, <var title="">user</var>,
                    782:    <var title="">password</var>)</code></dfn> method is invoked, the user
                    783:    agent <em class=ct>must</em> run these steps (unless otherwise indicated):
1.112     avankest  784: 
1.205     avankest  785:   <ol>
                    786:    <li>
1.270     avankest  787:     <p>If the <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a>
1.225     avankest  788:      object has an associated <a
1.205     avankest  789:      href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    790:      <code>Document</code></a> run these substeps:</p>
1.112     avankest  791: 
1.205     avankest  792:     <ol>
                    793:      <li>
                    794:       <p>If the <a
                    795:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    796:        <code>Document</code></a> is not <a href="#fully-active">fully
                    797:        active</a> raise an <code>INVALID_STATE_ERR</code> exception and
                    798:        terminate the overall set of steps.
                    799: 
                    800:      <li>
                    801:       <p>Let <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code>
                    802:        base URL</a> be the <a href="#document-base-url">document base URL</a>
                    803:        of the <a href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    804:        <code>Document</code></a>.
                    805: 
                    806:      <li>
                    807:       <p>Let <a href="#xmlhttprequest-origin"><code>XMLHttpRequest</code>
                    808:        origin</a> be the <a href="#origin">origin</a> of the <a
                    809:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    810:        <code>Document</code></a>.
                    811:     </ol>
1.112     avankest  812: 
                    813:    <li>
1.258     avankest  814:     <p>If any code point in <var>method</var> is higher than U+00FF LATIN
1.299     avankest  815:      SMALL LETTER Y WITH DIAERESIS or after <a
                    816:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                    817:      DOMString into a byte sequence">deflating</a> <var>method</var> it does
                    818:      not match the <a href="#method-token">Method token</a> production raise
                    819:      a <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
                    820:      let <var>method</var> be the result of <a
                    821:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                    822:      DOMString into a byte sequence">deflating</a> <var>method</var>.
1.258     avankest  823:    </li>
                    824:    <!-- This sounds lame, but it works. -->
1.91      avankest  825: 
                    826:    <li>
1.258     avankest  827:     <p>If <var>method</var> is a case-insensitive match for
                    828:      <code>CONNECT</code>, <code>DELETE</code>, <code>GET</code>,
                    829:      <code>HEAD</code>, <code>OPTIONS</code>, <code>POST</code>,
                    830:      <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code> subtract
                    831:      0x20 from each byte in the range 0x61 (ASCII a) to 0x7A (ASCII z).</p>
1.205     avankest  832: 
                    833:     <p class=note>If it does not match any of the above, it is passed through
                    834:      <em>literally</em>, including in the final request.</p>
                    835:    </li>
                    836:    <!-- WebKit (and supposedly Gecko) also uppercase: COPY, INDEX, LOCK,
                    837:    M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
1.89      avankest  838: 
1.205     avankest  839:    <li>
1.258     avankest  840:     <p>If <var>method</var> is a case-sensitive match for
1.261     avankest  841:      <code>CONNECT</code>, <code>TRACE</code>, or <code>TRACK</code> raise a
1.270     avankest  842:      <a href="#security-err"><code>SECURITY_ERR</code></a> exception and
1.261     avankest  843:      terminate these steps.</p>
1.164     avankest  844: 
1.205     avankest  845:     <p class=note>Allowing these methods poses a security risk. [<cite><a
                    846:      href="#ref-httpverbsec">HTTPVERBSEC</a></cite>]</p>
1.89      avankest  847: 
1.91      avankest  848:    <li>
1.205     avankest  849:     <p>Let <var title="">url</var> be a <a href="#url">URL</a>.
1.89      avankest  850: 
                    851:    <li>
1.205     avankest  852:     <p>Let <a href="#url-character-encoding">URL character encoding</a> of
                    853:      <var title="">url</var> be UTF-8.
1.89      avankest  854: 
                    855:    <li>
1.257     avankest  856:     <p><a href="#resolve-a-url" title="Resolve a URL">Resolve</a> <var
                    857:      title="">url</var> relative to the <a
1.205     avankest  858:      href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
                    859:      URL</a>. If the algorithm returns an error raise a
                    860:      <code>SYNTAX_ERR</code> exception and terminate these steps.
                    861:    </li>
                    862:    <!-- Presto and Gecko override the encoding. WebKit does not. Trident
                    863:    does not support non-ASCII URLs. This matters for the <query> component,
1.330   ! avankest  864:    see HTML. -->
1.129     avankest  865: 
1.205     avankest  866:    <li>
1.270     avankest  867:     <p>Drop <a href="#url-fragment"><code>&lt;fragment></code></a> from <var
1.205     avankest  868:      title="">url</var>.
1.89      avankest  869: 
                    870:    <li>
1.270     avankest  871:     <p>If the <code>"user:password"</code> format in the <a
                    872:      href="#userinfo"><code>userinfo</code></a> production is not supported
1.306     avankest  873:      for the relevant <a href="#url-scheme"><code>&lt;scheme></code></a> and
                    874:      <var title="">url</var> contains this format raise a
                    875:      <code>SYNTAX_ERR</code> and terminate these steps.
1.314     avankest  876:    </li>
                    877:    <!-- XXX need to throw here for "user:password" or just "user" for
                    878:             cross-origin unless we solve this in another way -->
1.2       avankest  879: 
1.205     avankest  880:    <li>
                    881:     <p>If <var title="">url</var> contains the <code>"user:password"</code>
                    882:      format let <var>temp user</var> be the user part and <var>temp
                    883:      password</var> be the password part.
1.2       avankest  884: 
1.205     avankest  885:    <li>
                    886:     <p>If <var title="">url</var> just contains the <code>"user"</code>
                    887:      format let <var>temp user</var> be the user part.
1.2       avankest  888: 
1.205     avankest  889:    <li>
                    890:     <p>Let <var>async</var> be the value of the <var>async</var> argument or
1.271     avankest  891:      true if it was omitted.
1.2       avankest  892: 
1.205     avankest  893:    <li>
1.305     avankest  894:     <p>If the <var title="">user</var> argument was not omitted follow these
                    895:      sub steps:</p>
1.2       avankest  896: 
1.60      avankest  897:     <ol>
                    898:      <li>
1.305     avankest  899:       <p>If <var title="">user</var> is not null and the <a
                    900:        href="#origin">origin</a> of <var title="">url</var> is not <a
                    901:        href="#same-origin">same origin</a> with the <a
                    902:        href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>
                    903:        raise an <code>INVALID_ACCESS_ERR</code> exception and terminate the
                    904:        overall set of steps.
1.2       avankest  905: 
1.60      avankest  906:      <li>
1.305     avankest  907:       <p>Let <var>temp user</var> be <var>user</var>.
1.205     avankest  908:     </ol>
1.184     avankest  909: 
1.205     avankest  910:     <p class=note>These steps override anything that may have been set by the
                    911:      <var title="">url</var> argument.</p>
1.157     avankest  912: 
1.205     avankest  913:    <li>
1.305     avankest  914:     <p>If the <var title="">password</var> argument was not omitted follow
                    915:      these sub steps:</p>
1.2       avankest  916: 
1.205     avankest  917:     <ol>
1.60      avankest  918:      <li>
1.305     avankest  919:       <p>If <var title="">password</var> is not null and the <a
                    920:        href="#origin">origin</a> of <var title="">url</var> is not <a
                    921:        href="#same-origin">same origin</a> with the <a
                    922:        href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>
                    923:        raise an <code>INVALID_ACCESS_ERR</code> exception and terminate the
                    924:        overall set of steps.
1.2       avankest  925: 
1.60      avankest  926:      <li>
1.305     avankest  927:       <p>Let <var>temp password</var> be <var>password</var>.
1.205     avankest  928:     </ol>
1.102     avankest  929: 
1.205     avankest  930:     <p class=note>These steps override anything that may have been set by the
                    931:      <var title="">url</var> argument.</p>
1.2       avankest  932: 
1.205     avankest  933:    <li>
1.319     avankest  934:     <p><a href="#terminated0" title="terminate abort()">Terminate the
                    935:      <code>abort()</code> algorithm</a>.
                    936: 
                    937:    <li>
                    938:     <p><a href="#terminated" title="terminate send()">Terminate the
1.205     avankest  939:      <code>send()</code> algorithm</a>.
1.2       avankest  940: 
1.205     avankest  941:    <li>
                    942:     <p>The user agent <em class=ct>should</em> cancel any network activity
                    943:      for which the object is responsible.
                    944:    </li>
                    945:    <!-- we can hardly require it... -->
1.24      avankest  946: 
1.205     avankest  947:    <li>
1.254     avankest  948:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                    949:      object's <a
                    950:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                    951:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                    952:      remove those tasks.
                    953: 
                    954:    <li>
1.205     avankest  955:     <p>Set variables associated with the object as follows:</p>
1.70      avankest  956: 
1.205     avankest  957:     <ul>
1.60      avankest  958:      <li>
1.205     avankest  959:       <p>Set the <a href="#request-method">request method</a> to
                    960:        <var>method</var>.
1.17      avankest  961: 
1.60      avankest  962:      <li>
1.205     avankest  963:       <p>Set the <a href="#request-url">request URL</a> to <var
                    964:        title="">url</var>.
1.17      avankest  965: 
1.60      avankest  966:      <li>
1.308     avankest  967:       <p>Set the <a href="#asynchronous-flag">asynchronous flag</a> to the
                    968:        value of <var>async</var>.
                    969: 
                    970:      <li>
1.205     avankest  971:       <p>Set the <a href="#request-username">request username</a> to
                    972:        <var>temp user</var>.
1.17      avankest  973: 
1.60      avankest  974:      <li>
1.205     avankest  975:       <p>Set the <a href="#request-password">request password</a> to
                    976:        <var>temp password</var>.
1.17      avankest  977: 
1.60      avankest  978:      <li>
1.308     avankest  979:       <p>Empty the list of <a href="#author-request-headers">author request
                    980:        headers</a>.</p>
                    981: 
                    982:      <li>
                    983:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
                    984: 
                    985:      <li>
                    986:       <p>Set <a href="#response-entity-body">response entity body</a> to
                    987:        null.
1.205     avankest  988:     </ul>
1.44      avankest  989: 
1.205     avankest  990:    <li>
1.312     avankest  991:     <p>Switch the state to <a href="#dom-xmlhttprequest-opened"
1.277     avankest  992:      title=dom-XMLHttpRequest-OPENED>OPENED</a>.
1.176     avankest  993: 
1.205     avankest  994:    <li>
                    995:     <p><a href="#dispatch-readystatechange-event">Dispatch a
                    996:      <code>readystatechange</code> event</a>.
                    997:   </ol>
1.22      avankest  998: 
1.250     avankest  999:   <h4 id=the-setrequestheader-method><span class=secno>3.6.2. </span>The
1.248     avankest 1000:    <code title="">setRequestHeader()</code> method</h4>
1.275     avankest 1001: 
                   1002:   <dl class=domintro>
1.284     avankest 1003:    <dt><var title="">client</var> . <a
                   1004:     href="#dom-xmlhttprequest-setrequestheader"><code
                   1005:     title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader(<var
                   1006:     title="">header</var>, <var title="">value</var>)</code></a>
1.275     avankest 1007: 
                   1008:    <dd>
                   1009:     <p>Appends an header to the list of <a
1.314     avankest 1010:      href="#author-request-headers">author request headers</a>, or if
                   1011:      <var>header</var> is already in the list of <a
                   1012:      href="#author-request-headers">author request headers</a>, combines its
                   1013:      value with <var>value</var>.</p>
1.285     avankest 1014: 
                   1015:     <p>Throws an <code>INVALID_STATE_ERR</code> exception if the state is not
                   1016:      <a href="#dom-xmlhttprequest-opened"
                   1017:      title=dom-XMLHttpRequest-OPENED>OPENED</a> or if the <a
                   1018:      href="#send-flag"><code>send()</code> flag</a> is true.</p>
                   1019: 
                   1020:     <p>Throws a <code>SYNTAX_ERR</code> exception if <var
                   1021:      title="">header</var> is not a valid HTTP header field name or if <var
                   1022:      title="">value</var> is not a valid HTTP header field value.</p>
1.275     avankest 1023:   </dl>
1.205     avankest 1024: 
1.284     avankest 1025:   <p class=note>As indicated in the algorithm below certain headers cannot be
                   1026:    set and are left up to the user agent. In addition there are certain other
                   1027:    headers the user agent will take control of if they are not set by the
                   1028:    author as indicated at the end of the <a
                   1029:    href="#dom-xmlhttprequest-send"><code
1.276     avankest 1030:    title=dom-XMLHttpRequest-send>send()</code></a> method section.
1.205     avankest 1031: 
1.275     avankest 1032:   <p>When the <dfn id=dom-xmlhttprequest-setrequestheader
1.284     avankest 1033:    title=dom-XMLHttpRequest-setRequestHeader><code>setRequestHeader(<var
                   1034:    title="">header</var>, <var title="">value</var>)</code></dfn> method is
                   1035:    invoked, the user agent <em class=ct>must</em> run these steps:
1.6       avankest 1036: 
1.205     avankest 1037:   <ol>
                   1038:    <li>
1.277     avankest 1039:     <p>If the state is not <a href="#dom-xmlhttprequest-opened"
                   1040:      title=dom-XMLHttpRequest-OPENED>OPENED</a> raise an
                   1041:      <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.47      avankest 1042: 
1.205     avankest 1043:    <li>
                   1044:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1045:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1046: 
1.205     avankest 1047:    <li>
1.258     avankest 1048:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
1.299     avankest 1049:      SMALL LETTER Y WITH DIAERESIS or after <a
                   1050:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                   1051:      DOMString into a byte sequence">deflating</a> <var>header</var> it does
                   1052:      not match the <a href="#field-name">field-name</a> production raise a
1.258     avankest 1053:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.299     avankest 1054:      let <var>header</var> be the result of <a
                   1055:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                   1056:      DOMString into a byte sequence">deflating</a> <var>header</var>.
1.258     avankest 1057:    </li>
                   1058:    <!-- This sounds lame, but it works. -->
1.6       avankest 1059: 
1.205     avankest 1060:    <li>
1.258     avankest 1061:     <p>If any code point in <var>value</var> is higher than U+00FF LATIN
1.299     avankest 1062:      SMALL LETTER Y WITH DIAERESIS or after <a
                   1063:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                   1064:      DOMString into a byte sequence">deflating</a> <var>value</var> it does
                   1065:      not match the <a href="#field-value">field-value</a> production raise a
1.258     avankest 1066:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.299     avankest 1067:      let <var>value</var> be the result of <a
                   1068:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                   1069:      DOMString into a byte sequence">deflating</a> <var>value</var>.</p>
1.258     avankest 1070:     <!-- This sounds lame, but it works. -->
1.205     avankest 1071:     <p class=note>The empty string is legal and represents the empty header
                   1072:      value.</p>
1.71      avankest 1073: 
1.205     avankest 1074:    <li>
1.261     avankest 1075:     <p>Terminate these steps if <var>header</var> is a case-insensitive match
                   1076:      for one of the following headers:</p>
1.179     avankest 1077: 
1.205     avankest 1078:     <ul>
                   1079:      <li><code>Accept-Charset</code>
1.60      avankest 1080: 
1.205     avankest 1081:      <li><code>Accept-Encoding</code>
1.34      avankest 1082: 
1.205     avankest 1083:      <li><code>Connection</code>
1.34      avankest 1084: 
1.205     avankest 1085:      <li><code>Content-Length</code>
1.177     avankest 1086: 
1.205     avankest 1087:      <li><code>Cookie</code>
1.69      avankest 1088: 
1.205     avankest 1089:      <li><code>Cookie2</code>
1.34      avankest 1090: 
1.205     avankest 1091:      <li><code>Content-Transfer-Encoding</code>
1.177     avankest 1092: 
1.205     avankest 1093:      <li><code>Date</code>
1.177     avankest 1094: 
1.205     avankest 1095:      <li><code>Expect</code>
1.69      avankest 1096: 
1.205     avankest 1097:      <li><code>Host</code>
1.69      avankest 1098: 
1.205     avankest 1099:      <li><code>Keep-Alive</code>
1.34      avankest 1100: 
1.205     avankest 1101:      <li><code>Referer</code>
1.34      avankest 1102: 
1.205     avankest 1103:      <li><code>TE</code>
1.34      avankest 1104: 
1.205     avankest 1105:      <li><code>Trailer</code>
1.34      avankest 1106: 
1.205     avankest 1107:      <li><code>Transfer-Encoding</code>
1.34      avankest 1108: 
1.205     avankest 1109:      <li><code>Upgrade</code>
1.34      avankest 1110: 
1.205     avankest 1111:      <li><code>User-Agent</code>
1.34      avankest 1112: 
1.205     avankest 1113:      <li><code>Via</code>
                   1114:     </ul>
1.69      avankest 1115: 
1.258     avankest 1116:     <p>&hellip; or if the start of <var>header</var> is a case-insensitive
                   1117:      match for <code>Proxy-</code> or <code>Sec-</code> (including when
1.205     avankest 1118:      <var>header</var> is just <code>Proxy-</code> or <code>Sec-</code>).</p>
                   1119: 
1.285     avankest 1120:     <p class=note>The above headers are controlled by the user agent to let
                   1121:      it control those aspects of transport. This guarantees data integrity to
                   1122:      some extent. Header names starting with <code>Sec-</code> are not
                   1123:      allowed to be set to allow new headers to be minted that are guaranteed
                   1124:      not to come from <a
                   1125:      href="#xmlhttprequest"><code>XMLHttpRequest</code></a>.</p>
1.185     avankest 1126: 
1.205     avankest 1127:    <li>
                   1128:     <p>If <var>header</var> is not in the <a
                   1129:      href="#author-request-headers">author request headers</a> list append
                   1130:      <var>header</var> with its associated <var>value</var> to the list and
                   1131:      terminate these steps.
1.6       avankest 1132: 
1.205     avankest 1133:    <li>
                   1134:     <p>If <var>header</var> is in the <a
                   1135:      href="#author-request-headers">author request headers</a> list either
                   1136:      use multiple headers, combine the values or use a combination of those
                   1137:      (section 4.2, RFC 2616). [<cite><a
1.250     avankest 1138:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest 1139:    </li>
                   1140:    <!-- XXX it seems UAs always combine the values -->
                   1141:   </ol>
1.18      avankest 1142: 
1.276     avankest 1143:   <p class=note>See also the <a href="#dom-xmlhttprequest-send"><code
                   1144:    title=dom-XMLHttpRequest-send>send()</code></a> method regarding user
                   1145:    agent header handling for caching, authentication, proxies, and cookies.
1.47      avankest 1146: 
1.205     avankest 1147:   <div class=example>
1.316     avankest 1148:    <p>Some simple code demonstrating what happens when setting the same
                   1149:     header twice:</p>
                   1150: 
1.205     avankest 1151:    <pre><code>// The following script:
1.18      avankest 1152: var client = new XMLHttpRequest();
                   1153: client.open('GET', 'demo.cgi');
                   1154: client.setRequestHeader('X-Test', 'one');
                   1155: client.setRequestHeader('X-Test', 'two');
                   1156: client.send();
                   1157: 
1.316     avankest 1158: // &hellip;results in the following header being sent:
                   1159: X-Test: one, two</code></pre>
1.205     avankest 1160:   </div>
1.6       avankest 1161: 
1.250     avankest 1162:   <h4 id=the-send-method><span class=secno>3.6.3. </span>The <code
1.205     avankest 1163:    title="">send()</code> method</h4>
1.276     avankest 1164: 
                   1165:   <dl class=domintro>
                   1166:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-send"><code
                   1167:     title=dom-XMLHttpRequest-send>send(<var title="">data</var>)</code></a>
                   1168: 
                   1169:    <dd>
                   1170:     <p>Initiates the request. The optional argument provides the <a
1.285     avankest 1171:      href="#request-entity-body">request entity body</a>. The argument is
                   1172:      ignored if <a href="#request-method">request method</a> is
                   1173:      <code>GET</code> or <code>HEAD</code>.</p>
                   1174: 
                   1175:     <p>Throws an <code>INVALID_STATE_ERR</code> exception if the state is not
                   1176:      <a href="#dom-xmlhttprequest-opened"
                   1177:      title=dom-XMLHttpRequest-OPENED>OPENED</a> or if the <a
                   1178:      href="#send-flag"><code>send()</code> flag</a> is true.</p>
1.276     avankest 1179:   </dl>
1.205     avankest 1180: 
1.275     avankest 1181:   <p>When the <dfn id=dom-xmlhttprequest-send
1.276     avankest 1182:    title=dom-XMLHttpRequest-send><code>send(<var>data</var>)</code></dfn>
1.319     avankest 1183:    method is invoked, the user agent <em class=ct>must</em> run these steps
                   1184:    (unless otherwise noted). This algorithm can be <dfn id=terminated
                   1185:    title="terminate send()">terminated</dfn> by invoking the <a
1.279     avankest 1186:    href="#dom-xmlhttprequest-open"><code
                   1187:    title=dom-XMLHttpRequest-open>open()</code></a> or <a
1.280     avankest 1188:    href="#dom-xmlhttprequest-abort"><code
1.319     avankest 1189:    title=dom-XMLHttpRequest-abort>abort()</code></a> method. When it is <a
                   1190:    href="#terminated" title="terminate send()">terminated</a> the user agent
                   1191:    <em class=ct>must</em> terminate the algorithm after finishing the step it
                   1192:    is on.
                   1193: 
                   1194:   <p class=note>The <a href="#dom-xmlhttprequest-send"><code
                   1195:    title=dom-XMLHttpRequest-send>send()</code></a> algorithm can only be
                   1196:    terminated when the <a href="#asynchronous-flag">asynchronous flag</a> is
1.205     avankest 1197:    true and only after the method call has returned.
1.60      avankest 1198: 
1.205     avankest 1199:   <ol>
                   1200:    <li>
1.277     avankest 1201:     <p>If the state is not <a href="#dom-xmlhttprequest-opened"
                   1202:      title=dom-XMLHttpRequest-OPENED>OPENED</a> raise an
                   1203:      <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1204: 
1.205     avankest 1205:    <li>
                   1206:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1207:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1208: 
1.205     avankest 1209:    <li>
1.285     avankest 1210:     <p>If the <a href="#request-method">request method</a> is a
                   1211:      case-sensitive match for <code>GET</code> or <code>HEAD</code> act as if
                   1212:      <var title="">data</var> is null.</p>
1.203     avankest 1213: 
1.241     avankest 1214:     <p>If the <var>data</var> argument has been omitted or is null, do not
                   1215:      include a <a href="#request-entity-body">request entity body</a> and go
                   1216:      to the next step.</p>
1.234     avankest 1217: 
1.250     avankest 1218:     <p>Otherwise, let <var>encoding</var> be null, <var>mime type</var> be
                   1219:      null, and then follow these rules:</p>
1.205     avankest 1220: 
                   1221:     <dl class=switch>
1.250     avankest 1222:      <dt>If <var>data</var> is a <code>Document</code>
1.205     avankest 1223: 
                   1224:      <dd>
1.234     avankest 1225:       <p>Let <var>encoding</var> be the <a
                   1226:        href="#preferred-mime-name">preferred MIME name</a> of the <a
1.246     avankest 1227:        href="#document-character-encoding" title="document's character
1.234     avankest 1228:        encoding">character encoding</a> of <var>data</var>. If
                   1229:        <var>encoding</var> is UTF-16 change it to UTF-8.</p>
                   1230: 
1.307     avankest 1231:       <p>Let <var>mime type</var> be "<code>application/xml</code>" or
                   1232:        "<code>text/html</code>" if <code>Document</code> is flagged as <a
                   1233:        href="#html-documents" title="HTML documents">HTML document</a>,
                   1234:        followed by "<code>;charset=</code>", followed by <var>encoding</var>.</p>
1.234     avankest 1235: 
                   1236:       <p>Let the <a href="#request-entity-body">request entity body</a> be
1.270     avankest 1237:        the result of getting the <a href="#dom-innerhtml"><code
                   1238:        title=dom-innerHTML>innerHTML</code></a> attribute on <var>data</var>
                   1239:        <a href="#dfn-obtain-unicode" title="convert a DOMString to a sequence
                   1240:        of Unicode characters">converted to Unicode</a> and encoded as
                   1241:        <var>encoding</var>. Re-raise any exception this raises.</p>
1.210     avankest 1242: 
1.235     avankest 1243:       <p class=note>In particular, if the document cannot be serialized an
1.219     avankest 1244:        <code>INVALID_STATE_ERR</code> exception is raised.</p>
                   1245: 
1.205     avankest 1246:       <p class=note>Subsequent changes to the <code>Document</code> have no
                   1247:        effect on what is submitted.</p>
1.239     avankest 1248: 
1.250     avankest 1249:      <dt>If <var>data</var> is a <code>DOMString</code>
1.239     avankest 1250: 
                   1251:      <dd>
1.250     avankest 1252:       <p>Let <var>encoding</var> be UTF-8.</p>
                   1253: 
                   1254:       <p>Let <var>mime type</var> be "<code>text/plain;charset=UTF-8</code>".</p>
                   1255: 
1.239     avankest 1256:       <p>Let the <a href="#request-entity-body">request entity body</a> be
                   1257:        <var>data</var> <a href="#dfn-obtain-unicode" title="convert a
                   1258:        DOMString to a sequence of Unicode characters">converted to
1.250     avankest 1259:        Unicode</a> and encoded as UTF-8.</p>
1.205     avankest 1260:     </dl>
1.103     avankest 1261: 
1.270     avankest 1262:     <p>If a <code>Content-Type</code> header is set using <a
1.284     avankest 1263:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1264:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest 1265:      whose value is a <a href="#valid-mime-type">valid MIME type</a> and has
                   1266:      a <code>charset</code> parameter whose value is not a case-insensitive
1.284     avankest 1267:      match for <var title="">encoding</var>, and <var title="">encoding</var>
                   1268:      is not null, set all the <code>charset</code> parameters of the
                   1269:      <code>Content-Type</code> header to <var title="">encoding</var>.</p>
1.234     avankest 1270: 
1.270     avankest 1271:     <p>If no <code>Content-Type</code> header has been set using <a
1.284     avankest 1272:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1273:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
                   1274:      and <var title="">mime type</var> is not null set a
                   1275:      <code>Content-Type</code> request header with as value <var
                   1276:      title="">mime type</var>.</p>
1.238     avankest 1277:     <!-- reminder: if we ever change this to always include charset it has
                   1278:     to be included as the first parameter for compatibility reasons -->
                   1279:     
1.167     avankest 1280: 
1.205     avankest 1281:    <li>
                   1282:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1283:      release the <a href="#storage-mutex">storage mutex</a>.
1.60      avankest 1284: 
1.205     avankest 1285:    <li>
                   1286:     <p>Set the <a href="#error-flag">error flag</a> to false.
1.164     avankest 1287: 
1.205     avankest 1288:    <li>
1.213     avankest 1289:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is true run
                   1290:      these substeps:</p>
                   1291: 
                   1292:     <ol>
                   1293:      <li>
1.219     avankest 1294:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to true.
                   1295: 
                   1296:      <li>
1.213     avankest 1297:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1298:        <code>readystatechange</code> event</a>.</p>
                   1299: 
                   1300:       <p class=note>The state does not change. The event is dispatched for
                   1301:        historical reasons.</p>
                   1302: 
                   1303:      <li>
1.276     avankest 1304:       <p>Return the <a href="#dom-xmlhttprequest-send"><code
                   1305:        title=dom-XMLHttpRequest-send>send()</code></a> method call, but
                   1306:        continue running the steps in this algorithm.
1.213     avankest 1307:     </ol>
                   1308: 
                   1309:    <li>
1.226     avankest 1310:     <dl class=switch>
1.305     avankest 1311:      <dt>If the <a href="#xmlhttprequest-origin"><code>XMLHttpRequest</code>
                   1312:       origin</a> and the <a href="#request-url">request URL</a> are <a
                   1313:       href="#same-origin">same origin</a>
1.195     avankest 1314: 
1.205     avankest 1315:      <dd>
1.305     avankest 1316:       <p>These are the <dfn id=same-origin-request-steps>same-origin request
                   1317:        steps</dfn>.</p>
                   1318: 
                   1319:       <p><a href="#fetch">Fetch</a> the <a href="#request-url">request
                   1320:        URL</a> from <i title="">origin</i> <a
                   1321:        href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>,
                   1322:        with the <i title="">synchronous flag</i> set if the <a
                   1323:        href="#asynchronous-flag">asynchronous flag</a> is false, using HTTP
                   1324:        method <a href="#request-method">request method</a>, user <a
                   1325:        href="#request-username">request username</a> (if non-null) and
                   1326:        password <a href="#request-password">request password</a> (if
                   1327:        non-null), taking into account the <a
                   1328:        href="#request-entity-body">request entity body</a>, list of <a
                   1329:        href="#author-request-headers">author request headers</a> and the
                   1330:        rules listed at the end of this section.</p>
                   1331: 
                   1332:       <dl class=switch>
                   1333:        <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1334: 
                   1335:        <dd>
                   1336:         <p>While making the request also follow the <a
                   1337:          href="#same-origin-request-event-rules">same-origin request event
                   1338:          rules</a>.</p>
                   1339:         <!--
1.250     avankest 1340:          This cannot involve any task queue whatsoever because that would
                   1341:          mean other tasks on the task queue might get processed as well
                   1342:          which is counter to the whole idea of doing things synchronous.
                   1343:         -->
1.305     avankest 1344:         
                   1345:         <p class=note>The <a href="#dom-xmlhttprequest-send"><code
                   1346:          title=dom-XMLHttpRequest-send>send()</code></a> method call will now
                   1347:          be returned by virtue of this algorithm ending.</p>
                   1348: 
                   1349:        <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1350: 
                   1351:        <dd>
                   1352:         <p>While processing the request, as data becomes available and when
                   1353:          the user interferes with the request, <a href="#queue-a-task"
                   1354:          title="queue a task">queue tasks</a> to update the <a
                   1355:          href="#response-entity-body">response entity body</a> and follow the
                   1356:          <a href="#same-origin-request-event-rules">same-origin request event
                   1357:          rules</a>.</p>
                   1358:       </dl>
1.205     avankest 1359: 
1.305     avankest 1360:      <dt>Otherwise
1.205     avankest 1361: 
                   1362:      <dd>
1.305     avankest 1363:       <p>These are the <dfn id=cross-origin-request-steps>cross-origin
                   1364:        request steps</dfn>.</p>
1.250     avankest 1365: 
1.305     avankest 1366:       <p>This is a <a href="#network-error">network error</a>.</p>
1.205     avankest 1367:     </dl>
                   1368:   </ol>
1.124     avankest 1369: 
1.205     avankest 1370:   <hr>
                   1371: 
1.229     avankest 1372:   <p>If the user agent allows the end user to configure a proxy it <em
1.250     avankest 1373:    class=ct>should</em> modify the request appropriately; i.e., connect to
                   1374:    the proxy host instead of the origin server, modify the
1.214     avankest 1375:    <code>Request-Line</code> and send <code>Proxy-Authorization</code>
                   1376:    headers as specified.
                   1377: 
1.264     avankest 1378:   <hr>
                   1379: 
                   1380:   <p>If the user agent supports HTTP Authentication and <code
                   1381:    title=http-authorization>Authorization</code> is not in the list of <a
1.220     avankest 1382:    href="#author-request-headers">author request headers</a>, it <em
1.270     avankest 1383:    class=ct>should</em> consider requests originating from the <a
                   1384:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object to be part
                   1385:    of the protection space that includes the accessed URIs and send <code
1.264     avankest 1386:    title=http-authorization>Authorization</code> headers and handle <code>401
                   1387:    Unauthorized</code> requests appropriately.
                   1388: 
1.315     avankest 1389:   <p>If authentication fails, <a
                   1390:    href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                   1391:    the <a href="#request-url">request URL</a> are <a href="#same-origin">same
                   1392:    origin</a>, <code title=http-authorization>Authorization</code> is not in
                   1393:    the list of <a href="#author-request-headers">author request headers</a>,
                   1394:    <a href="#request-username">request username</a> is null, and <a
1.264     avankest 1395:    href="#request-password">request password</a> is null, user agents <em
                   1396:    class=ct>should</em> prompt the end user for their username and password.
                   1397: 
1.315     avankest 1398:   <p>Otherwise, if authentication fails, user agents <em class=ct>must
                   1399:    not</em> prompt the end user for their username and password. [<cite><a
                   1400:    href="#ref-rfc2617">RFC2617</a></cite>]
                   1401: 
                   1402:   <p class=note>End users are not prompted for various cases so that authors
                   1403:    can implement their own user interface.
1.214     avankest 1404: 
1.264     avankest 1405:   <hr>
                   1406: 
1.214     avankest 1407:   <p>If the user agent supports HTTP State Management it <em
                   1408:    class=ct>should</em> persist, discard and send cookies (as received in the
1.302     avankest 1409:    <code>Set-Cookie</code> response header, and sent in the
                   1410:    <code>Cookie</code> header) as applicable. [<cite><a
1.232     avankest 1411:    href="#ref-cookies">COOKIES</a></cite>]
1.214     avankest 1412: 
1.264     avankest 1413:   <hr>
                   1414: 
1.214     avankest 1415:   <p>If the user agent implements a HTTP cache it <em class=ct>should</em>
1.270     avankest 1416:    respect <code>Cache-Control</code> request headers set by the <a
1.284     avankest 1417:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1418:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.275     avankest 1419:    (e.g., <code>Cache-Control: no-cache</code> bypasses the cache). It <em
1.214     avankest 1420:    class=ct>must not</em> send <code>Cache-Control</code> or
1.229     avankest 1421:    <code>Pragma</code> request headers automatically unless the end user
1.284     avankest 1422:    explicitly requests such behavior (e.g. by reloading the page).
1.214     avankest 1423: 
                   1424:   <p>For <code>304 Not Modified</code> responses that are a result of a user
                   1425:    agent generated conditional request the user agent <em class=ct>must</em>
                   1426:    act as if the server gave a <code>200 OK</code> response with the
1.270     avankest 1427:    appropriate content. The user agent <em class=ct>must</em> allow <a
1.284     avankest 1428:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1429:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a> to
                   1430:    override automatic cache validation by setting request headers (e.g.
1.250     avankest 1431:    <code>If-None-Match</code> or <code>If-Modified-Since</code>), in which
                   1432:    case <code>304 Not Modified</code> responses <em class=ct>must</em> be
                   1433:    passed through. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1434: 
1.264     avankest 1435:   <hr>
                   1436: 
1.214     avankest 1437:   <p>If the user agent implements server-driven content-negotiation it <em
1.303     avankest 1438:    class=ct>must</em> follow these constraints for the <code>Accept</code>
                   1439:    and <code>Accept-Language</code> request headers:
1.233     avankest 1440: 
                   1441:   <ul>
                   1442:    <li>
                   1443:     <p>Both headers <em class=ct>must not</em> be modified if they are
1.284     avankest 1444:      already set through <a href="#dom-xmlhttprequest-setrequestheader"><code
                   1445:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>.
1.233     avankest 1446: 
                   1447:    <li>
1.270     avankest 1448:     <p>If not set through <a
1.284     avankest 1449:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1450:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.257     avankest 1451:      <code>Accept-Language</code> <em class=ct>should</em> be set as
1.233     avankest 1452:      appropriate.
                   1453: 
                   1454:    <li>
1.270     avankest 1455:     <p>If not set through <a
1.284     avankest 1456:      href="#dom-xmlhttprequest-setrequestheader"><code
                   1457:      title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>
1.233     avankest 1458:      <code>Accept</code> <em class=ct>must</em> be set with as value
                   1459:      <code>*/*</code>.
                   1460:   </ul>
                   1461: 
                   1462:   <p>Responses <em class=ct>must</em> have the content-encodings
1.250     avankest 1463:    automatically decoded. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1464: 
1.264     avankest 1465:   <hr>
                   1466: 
1.214     avankest 1467:   <p>Besides the <a href="#author-request-headers">author request headers</a>
                   1468:    user agents <em class=ct>should not</em> include additional request
                   1469:    headers other than those mentioned above or other than those authors are
1.270     avankest 1470:    not allowed to set using <a
1.284     avankest 1471:    href="#dom-xmlhttprequest-setrequestheader"><code
                   1472:    title=dom-XMLHttpRequest-setRequestHeader>setRequestHeader()</code></a>.
1.275     avankest 1473:    This ensures that authors have a reasonably predictable API.
1.214     avankest 1474: 
1.250     avankest 1475:   <h4 id=infrastructure-for-the-send-method><span class=secno>3.6.4.
1.214     avankest 1476:    </span>Infrastructure for the <code title="">send()</code> method</h4>
                   1477: 
1.221     avankest 1478:   <p>The <dfn id=same-origin-request-event-rules>same-origin request event
                   1479:    rules</dfn> are as follows:
1.205     avankest 1480: 
                   1481:   <dl class=switch>
1.290     avankest 1482:    <dt>If the response has an HTTP status code of 301, 302, 303, or 307
1.205     avankest 1483: 
                   1484:    <dd>
1.305     avankest 1485:     <p>If the redirect violates infinite loop precautions this is a <a
                   1486:      href="#network-error">network error</a>.</p>
1.205     avankest 1487: 
1.305     avankest 1488:     <p>Otherwise, run these steps:</p>
                   1489: 
                   1490:     <ol>
                   1491:      <li>
                   1492:       <p>Set the <a href="#request-url">request URL</a> to the <a
                   1493:        href="#url">URL</a> conveyed by the <code>Location</code> header.
                   1494: 
                   1495:      <li>
                   1496:       <p>If the <a href="#xmlhttprequest-origin"><code>XMLHttpRequest</code>
                   1497:        origin</a> and the <a href="#origin">origin</a> of <a
                   1498:        href="#request-url">request URL</a> are <a href="#same-origin">same
                   1499:        origin</a> transparently follow the redirect while observing the <a
                   1500:        href="#same-origin-request-event-rules">same-origin request event
                   1501:        rules</a>.
                   1502: 
                   1503:      <li>
                   1504:       <p>Otherwise, follow the <a
                   1505:        href="#cross-origin-request-steps">cross-origin request steps</a> and
                   1506:        terminate the steps for this algorithm.
                   1507:     </ol>
1.250     avankest 1508: 
1.205     avankest 1509:     <p class=note>HTTP places requirements on the user agent regarding the
1.206     avankest 1510:      preservation of the <a href="#request-method">request method</a> and <a
                   1511:      href="#request-entity-body">request entity body</a> during redirects,
1.229     avankest 1512:      and also requires end users to be notified of certain kinds of automatic
1.205     avankest 1513:      redirections.</p>
                   1514:     <!-- XXX HTTP needs fixing here -->
                   1515: 
1.290     avankest 1516:    <dt>If the end user cancels the request
1.205     avankest 1517: 
1.215     avankest 1518:    <dd>
                   1519:     <p>This is an <a href="#abort-error">abort error</a>.
1.119     avankest 1520: 
1.290     avankest 1521:    <dt>If there is a network error
1.216     avankest 1522: 
1.215     avankest 1523:    <dd>
                   1524:     <p>In case of DNS errors, TLS negotiation failure, or other type of
                   1525:      network errors, this is a <a href="#network-error">network error</a>. Do
1.229     avankest 1526:      not request any kind of end user interaction.</p>
1.205     avankest 1527: 
1.215     avankest 1528:     <p class=note>This does not include HTTP responses that indicate some
                   1529:      type of error, such as HTTP status code 410.</p>
1.119     avankest 1530: 
1.310     avankest 1531:    <dt>Once all HTTP headers have been received, the <a
                   1532:     href="#asynchronous-flag">asynchronous flag</a> is true, and the HTTP
                   1533:     status code of the response is not 301, 302, 303, or 307
1.60      avankest 1534: 
1.215     avankest 1535:    <dd>
1.289     avankest 1536:     <p><a href="#switch-headers-received">Switch to the HEADERS_RECEIVED
                   1537:      state</a>.
1.60      avankest 1538: 
1.222     avankest 1539:    <dt>Once the first byte (or more) of the <a
                   1540:     href="#response-entity-body">response entity body</a> has been received
                   1541:     and the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1542: 
                   1543:    <dt>If there is no <a href="#response-entity-body">response entity
                   1544:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.215     avankest 1545:     true
1.19      avankest 1546: 
1.222     avankest 1547:    <dd>
1.289     avankest 1548:     <p><a href="#switch-loading">Switch to the LOADING state</a>.
1.222     avankest 1549: 
                   1550:    <dt>Once the whole <a href="#response-entity-body">response entity
                   1551:     body</a> has been received
                   1552: 
                   1553:    <dt>If there is no <a href="#response-entity-body">response entity
1.301     avankest 1554:     body</a> and the state is <a href="#dom-xmlhttprequest-loading"
                   1555:     title=dom-XMLHttpRequest-LOADING>LOADING</a>
                   1556: 
                   1557:    <dt>If there is no <a href="#response-entity-body">response entity
1.226     avankest 1558:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.301     avankest 1559:     false
1.185     avankest 1560: 
1.215     avankest 1561:    <dd>
1.289     avankest 1562:     <p><a href="#switch-done">Switch to the DONE state</a>.
1.215     avankest 1563:   </dl>
1.6       avankest 1564: 
1.215     avankest 1565:   <hr>
1.6       avankest 1566: 
1.215     avankest 1567:   <p>When something is said to be a <dfn id=network-error>network error</dfn>
1.270     avankest 1568:    run the <a href="#request-error">request error</a> steps for exception <a
                   1569:    href="#network-err"><code>NETWORK_ERR</code></a>.
1.62      avankest 1570: 
1.243     avankest 1571:   <p>When something is said to be an <dfn id=abort-error>abort error</dfn>
1.270     avankest 1572:    run the <a href="#request-error">request error</a> steps for exception <a
                   1573:    href="#abort-err"><code>ABORT_ERR</code></a>.
1.84      avankest 1574: 
1.244     avankest 1575:   <p>When something is said to be a <dfn id=request-error>request error</dfn>
                   1576:    for exception <var>exception</var> run these steps:
1.60      avankest 1577: 
1.256     avankest 1578:   <ol>
                   1579:    <li>
                   1580:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1581:      for which the object is responsible.
                   1582: 
                   1583:    <li>
                   1584:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1585:      object's <a
                   1586:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1587:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1588:      remove those tasks.
1.252     avankest 1589: 
1.215     avankest 1590:    <li>
1.256     avankest 1591:     <p>Set the the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1592: 
1.215     avankest 1593:    <li>
1.277     avankest 1594:     <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1595:      title=dom-XMLHttpRequest-DONE>DONE</a>.
1.205     avankest 1596: 
1.215     avankest 1597:    <li>
                   1598:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.243     avankest 1599:      raise an <var>exception</var> exception and terminate the overall set of
                   1600:      steps.
1.205     avankest 1601: 
1.215     avankest 1602:    <li>
1.251     avankest 1603:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.250     avankest 1604:      <code>readystatechange</code> event</a>.</p>
                   1605: 
                   1606:     <p class=note>At this point it is clear that the <a
                   1607:      href="#asynchronous-flag">asynchronous flag</a> is true.</p>
1.215     avankest 1608:   </ol>
1.6       avankest 1609: 
1.278     avankest 1610:   <p class=note>A future version of this specification will dispatch an <code
1.280     avankest 1611:    title=event-xhr-error>error</code>/<code>abort</code> event here as well.
                   1612:    (Depending on the type of error.)
1.6       avankest 1613: 
1.215     avankest 1614:   <hr>
1.2       avankest 1615: 
1.215     avankest 1616:   <p>When it is said to <dfn id=switch-headers-received>switch to the
1.289     avankest 1617:    HEADERS_RECEIVED state</dfn> run these steps:
1.60      avankest 1618: 
1.215     avankest 1619:   <ol>
                   1620:    <li>
1.277     avankest 1621:     <p>Switch the state to <a href="#dom-xmlhttprequest-headers_received"
                   1622:      title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a>.
1.125     avankest 1623: 
1.215     avankest 1624:    <li>
1.251     avankest 1625:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1626:      <code>readystatechange</code> event</a>.
                   1627:   </ol>
1.205     avankest 1628: 
1.289     avankest 1629:   <p>When it is said to <dfn id=switch-loading>switch to the LOADING
                   1630:    state</dfn> run these steps:
1.205     avankest 1631: 
1.215     avankest 1632:   <ol>
                   1633:    <li>
1.277     avankest 1634:     <p>Switch the state to <a href="#dom-xmlhttprequest-loading"
                   1635:      title=dom-XMLHttpRequest-LOADING>LOADING</a>.
1.17      avankest 1636: 
1.215     avankest 1637:    <li>
1.251     avankest 1638:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1639:      <code>readystatechange</code> event</a>.
                   1640:   </ol>
1.205     avankest 1641: 
1.289     avankest 1642:   <p>When it is said to <dfn id=switch-done>switch to the DONE state</dfn>
                   1643:    run these steps:
1.218     avankest 1644: 
                   1645:   <ol>
                   1646:    <li>
1.257     avankest 1647:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1648:      update the <a href="#response-entity-body">response entity body</a>.
                   1649: 
                   1650:    <li>
1.277     avankest 1651:     <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1652:      title=dom-XMLHttpRequest-DONE>DONE</a>.
1.218     avankest 1653: 
                   1654:    <li>
1.250     avankest 1655:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.218     avankest 1656:      <code>readystatechange</code> event</a>.
                   1657:   </ol>
                   1658: 
1.250     avankest 1659:   <h4 id=the-abort-method><span class=secno>3.6.5. </span>The <code
1.205     avankest 1660:    title="">abort()</code> method</h4>
                   1661: 
1.280     avankest 1662:   <dl class=domintro>
                   1663:    <dt><var title="">client</var> . <a href="#dom-xmlhttprequest-abort"><code
                   1664:     title=dom-XMLHttpRequest-abort>abort()</code></a>
                   1665: 
                   1666:    <dd>Cancels any network activity.
                   1667:   </dl>
                   1668: 
                   1669:   <p>When the <dfn id=dom-xmlhttprequest-abort
                   1670:    title=dom-XMLHttpRequest-abort><code>abort()</code></dfn> method is
                   1671:    invoked, the user agent <em class=ct>must</em> run these steps (unless
1.319     avankest 1672:    otherwise noted). This algorithm can be <dfn id=terminated0
                   1673:    title="terminate abort()">terminated</dfn> by invoking the <a
                   1674:    href="#dom-xmlhttprequest-open"><code
                   1675:    title=dom-XMLHttpRequest-open>open()</code></a> method. When it is <a
                   1676:    href="#terminated0" title="terminate abort()">terminated</a> the user
                   1677:    agent <em class=ct>must</em> terminate the algorithm after finishing the
                   1678:    step it is on.
                   1679: 
                   1680:   <p class=note>The <a href="#dom-xmlhttprequest-abort"><code
                   1681:    title=dom-XMLHttpRequest-abort>abort()</code></a> algorithm can only be
                   1682:    terminated by invoking <a href="#dom-xmlhttprequest-open"><code
                   1683:    title=dom-XMLHttpRequest-open>open()</code></a> from an event handler.
1.205     avankest 1684: 
                   1685:   <ol>
                   1686:    <li>
1.319     avankest 1687:     <p><a href="#terminated" title="terminate send()">Terminate the
1.205     avankest 1688:      <code>send()</code> algorithm</a>.
1.202     avankest 1689: 
1.205     avankest 1690:    <li>
                   1691:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1692:      for which the object is responsible.
1.254     avankest 1693: 
                   1694:    <li>
                   1695:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1696:      object's <a
                   1697:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1698:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1699:      remove those tasks.
1.205     avankest 1700: 
                   1701:    <li>
1.254     avankest 1702:     <p>Set the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1703: 
                   1704:    <li>
1.277     avankest 1705:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1706:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a>, <a
                   1707:      href="#dom-xmlhttprequest-opened"
                   1708:      title=dom-XMLHttpRequest-OPENED>OPENED</a> with the <a
                   1709:      href="#send-flag"><code>send()</code> flag</a> being false, or <a
                   1710:      href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
                   1711:      go to the next step.</p>
1.205     avankest 1712: 
                   1713:     <p>Otherwise run these substeps:</p>
                   1714: 
                   1715:     <ol>
1.202     avankest 1716:      <li>
1.277     avankest 1717:       <p>Switch the state to <a href="#dom-xmlhttprequest-done"
                   1718:        title=dom-XMLHttpRequest-DONE>DONE</a>.
1.77      avankest 1719: 
                   1720:      <li>
1.205     avankest 1721:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.77      avankest 1722: 
                   1723:      <li>
1.205     avankest 1724:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1725:        <code>readystatechange</code> event</a>.
1.60      avankest 1726:     </ol>
1.17      avankest 1727: 
1.252     avankest 1728:     <p class=note>A future version of this specification will dispatch an
1.278     avankest 1729:      <code title=event-xhr-abort>abort</code> event here.</p>
1.220     avankest 1730: 
1.205     avankest 1731:    <li>
1.277     avankest 1732:     <p>Switch the state to <a href="#dom-xmlhttprequest-unsent"
                   1733:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a>.</p>
1.205     avankest 1734: 
1.278     avankest 1735:     <p class=note>No <code
                   1736:      title=event-xhr-readystatechange>readystatechange</code> event is
                   1737:      dispatched.</p>
1.205     avankest 1738:   </ol>
                   1739: 
1.250     avankest 1740:   <h3 id=response><span class=secno>3.7. </span>Response</h3>
1.205     avankest 1741: 
1.250     avankest 1742:   <h4 id=the-status-attribute><span class=secno>3.7.1. </span>The <code
1.205     avankest 1743:    title="">status</code> attribute</h4>
                   1744: 
1.281     avankest 1745:   <dl class=domintro>
                   1746:    <dt><var title="">client</var> . <a
                   1747:     href="#dom-xmlhttprequest-status"><code
                   1748:     title=dom-XMLHttpRequest-status>status</code></a>
                   1749: 
                   1750:    <dd>
                   1751:     <p>Returns the HTTP status code.
                   1752:   </dl>
                   1753: 
                   1754:   <p>The <dfn id=dom-xmlhttprequest-status
                   1755:    title=dom-XMLHttpRequest-status><code>status</code></dfn> attribute <em
                   1756:    class=ct>must</em> return the result of running these steps:
1.224     avankest 1757: 
                   1758:   <ol>
                   1759:    <li>
1.277     avankest 1760:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1761:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1762:      href="#dom-xmlhttprequest-opened"
                   1763:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return 0 and terminate these
                   1764:      steps.
1.224     avankest 1765: 
                   1766:    <li>
1.241     avankest 1767:     <p>If the <a href="#error-flag">error flag</a> is true return 0 and
                   1768:      terminate these steps.
1.224     avankest 1769: 
                   1770:    <li>
                   1771:     <p>Return the HTTP status code.
                   1772:   </ol>
1.205     avankest 1773: 
1.250     avankest 1774:   <h4 id=the-statustext-attribute><span class=secno>3.7.2. </span>The <code
1.205     avankest 1775:    title="">statusText</code> attribute</h4>
                   1776: 
1.281     avankest 1777:   <dl class=domintro>
                   1778:    <dt><var title="">client</var> . <a
                   1779:     href="#dom-xmlhttprequest-statustext"><code
                   1780:     title=dom-XMLHttpRequest-statusText>statusText</code></a>
                   1781: 
                   1782:    <dd>
                   1783:     <p>Returns the HTTP status text.
                   1784:   </dl>
                   1785: 
                   1786:   <p>The <dfn id=dom-xmlhttprequest-statustext
                   1787:    title=dom-XMLHttpRequest-statusText><code>statusText</code></dfn>
1.275     avankest 1788:    attribute <em class=ct>must</em> return the result of running these steps:
1.224     avankest 1789: 
                   1790:   <ol>
                   1791:    <li>
1.277     avankest 1792:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1793:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1794:      href="#dom-xmlhttprequest-opened"
                   1795:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return the empty string and
                   1796:      terminate these steps.
1.224     avankest 1797: 
                   1798:    <li>
                   1799:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1800:      string and terminate these steps.
                   1801: 
                   1802:    <li>
                   1803:     <p>Return the HTTP status text.
                   1804:   </ol>
1.205     avankest 1805: 
1.250     avankest 1806:   <h4 id=the-getresponseheader-method><span class=secno>3.7.3. </span>The
1.205     avankest 1807:    <code title="">getResponseHeader()</code> method</h4>
                   1808: 
1.283     avankest 1809:   <dl class=domintro>
                   1810:    <dt><var title="">client</var> . <a
                   1811:     href="#dom-xmlhttprequest-getresponseheader"><code
                   1812:     title=dom-XMLHttpRequest-getResponseHeader>getResponseHeader(<var
                   1813:     title="">header</var>)</code></a>
                   1814: 
                   1815:    <dd>
                   1816:     <p>Returns the header field value from the response of which the field
                   1817:      name matches <var title="">header</var>, unless the field name is
                   1818:      <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
                   1819:   </dl>
                   1820: 
1.275     avankest 1821:   <p>When the <dfn id=dom-xmlhttprequest-getresponseheader
1.283     avankest 1822:    title=dom-XMLHttpRequest-getResponseHeader><code>getResponseHeader(<var
                   1823:    title="">header</var>)</code></dfn> is invoked, the user agent <em
                   1824:    class=ct>must</em> run these steps:
1.205     avankest 1825: 
                   1826:   <ol>
                   1827:    <li>
1.277     avankest 1828:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1829:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1830:      href="#dom-xmlhttprequest-opened"
                   1831:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return null and terminate
                   1832:      these steps.
1.205     avankest 1833: 
                   1834:    <li>
1.241     avankest 1835:     <p>If the <a href="#error-flag">error flag</a> is true return null and
                   1836:      terminate these steps.
1.205     avankest 1837: 
                   1838:    <li>
1.258     avankest 1839:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
                   1840:      SMALL LETTER Y WITH DIAERESIS return null and terminate these steps.
                   1841: 
                   1842:    <li>
1.299     avankest 1843:     <p>Let <var>header</var> be the result of <a
                   1844:      href="#deflate-a-domstring-into-a-byte-sequence" title="deflate a
                   1845:      DOMString into a byte sequence">deflating</a> <var>header</var>.
1.258     avankest 1846:    </li>
                   1847:    <!-- This sounds lame, but it works. -->
1.205     avankest 1848: 
                   1849:    <li>
1.258     avankest 1850:     <p>If <var>header</var> is a case-insensitive match for
                   1851:      <code>Set-Cookie</code> or <code>Set-Cookie2</code> return null and
1.205     avankest 1852:      terminate these steps.
                   1853: 
                   1854:    <li>
1.258     avankest 1855:     <p>If <var>header</var> is a case-insensitive match for multiple HTTP
1.299     avankest 1856:      response headers, return the <a
                   1857:      href="#inflate-a-byte-sequence-into-a-domstring" title="inflate a byte
                   1858:      sequence into a DOMString">inflated</a> values of these headers as a
                   1859:      single concatenated string separated from each other by a U+002C COMMA
                   1860:      U+0020 SPACE character pair and terminate these steps.
1.258     avankest 1861: 
                   1862:    <li>
                   1863:     <p>If <var>header</var> is a case-insensitive match for a single HTTP
1.299     avankest 1864:      response header, return the <a
                   1865:      href="#inflate-a-byte-sequence-into-a-domstring" title="inflate a byte
                   1866:      sequence into a DOMString">inflated</a> value of that header and
                   1867:      terminate these steps.
1.205     avankest 1868: 
                   1869:    <li>
1.241     avankest 1870:     <p>Return null.
1.205     avankest 1871:   </ol>
                   1872: 
                   1873:   <div class=example>
1.252     avankest 1874:    <p>For the following script:</p>
                   1875: 
                   1876:    <pre><code>var client = new XMLHttpRequest();
                   1877: client.open("GET", "unicorns-are-teh-awesome.txt", true);
1.6       avankest 1878: client.send();
1.16      avankest 1879: client.onreadystatechange = function() {
1.252     avankest 1880:   if(this.readyState == 2) {
                   1881:     print(client.getResponseHeader("Content-Type"));
                   1882:   }
                   1883: }</code></pre>
                   1884: 
                   1885:    <p>The <code>print()</code> function will get to process something like:</p>
1.1       avankest 1886: 
1.252     avankest 1887:    <pre><code>text/plain; charset=UTF-8</code></pre>
1.205     avankest 1888:   </div>
                   1889: 
1.250     avankest 1890:   <h4 id=the-getallresponseheaders-method><span class=secno>3.7.4. </span>The
1.205     avankest 1891:    <code title="">getAllResponseHeaders()</code> method</h4>
1.2       avankest 1892: 
1.283     avankest 1893:   <dl class=domintro>
1.298     avankest 1894:    <dt><var title="">client</var> . <a
                   1895:     href="#dom-xmlhttprequest-getallresponseheaders"><code
                   1896:     title=dom-XMLHttpRequest-getAllResponseHeaders>getAllResponseHeaders()</code></a>
1.283     avankest 1897: 
                   1898:    <dd>
                   1899:     <p>Returns all headers from the response, with the exception of those
                   1900:      whose field name is <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
                   1901:   </dl>
                   1902: 
1.298     avankest 1903:   <p>When the <dfn id=dom-xmlhttprequest-getallresponseheaders
                   1904:    title=dom-XMLHttpRequest-getAllResponseHeaders><code>getAllResponseHeaders()</code></dfn>
1.275     avankest 1905:    method is invoked, the user agent <em class=ct>must</em> run the following
                   1906:    steps:
1.6       avankest 1907: 
1.205     avankest 1908:   <ol>
                   1909:    <li>
1.277     avankest 1910:     <p>If the state is <a href="#dom-xmlhttprequest-unsent"
                   1911:      title=dom-XMLHttpRequest-UNSENT>UNSENT</a> or <a
                   1912:      href="#dom-xmlhttprequest-opened"
                   1913:      title=dom-XMLHttpRequest-OPENED>OPENED</a> return the empty string and
                   1914:      terminate these steps.
1.205     avankest 1915: 
                   1916:    <li>
                   1917:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1918:      string and terminate these steps.
                   1919: 
                   1920:    <li>
1.258     avankest 1921:     <p>Return all the HTTP headers, excluding headers that are a
                   1922:      case-insensitive match for <code>Set-Cookie</code> or
1.299     avankest 1923:      <code>Set-Cookie2</code>, <a
                   1924:      href="#inflate-a-byte-sequence-into-a-domstring" title="inflate a byte
                   1925:      sequence into a DOMString">inflated</a>, as a single string, with each
                   1926:      header line separated by a U+000D CR U+000A LF pair, excluding the
                   1927:      status line, and with each header name and header value separated by a
                   1928:      U+003A COLON U+0020 SPACE pair.
1.205     avankest 1929:   </ol>
                   1930: 
                   1931:   <div class=example>
1.252     avankest 1932:    <p>For the following script:</p>
                   1933: 
                   1934:    <pre><code>var client = new XMLHttpRequest();
                   1935: client.open("GET", "narwhals-too.txt", true);
1.205     avankest 1936: client.send();
                   1937: client.onreadystatechange = function() {
1.312     avankest 1938:   if(this.readyState == 2) {
                   1939:     print(this.getAllResponseHeaders());
                   1940:   }
1.252     avankest 1941: }</code></pre>
                   1942: 
                   1943:    <p>The <code>print()</code> function will get to process something like:</p>
1.205     avankest 1944: 
1.252     avankest 1945:    <pre><code>Date: Sun, 24 Oct 2004 04:58:38 GMT
1.205     avankest 1946: Server: Apache/1.3.31 (Unix)
                   1947: Keep-Alive: timeout=15, max=99
                   1948: Connection: Keep-Alive
                   1949: Transfer-Encoding: chunked
                   1950: Content-Type: text/plain; charset=utf-8</code></pre>
                   1951:   </div>
                   1952: 
1.250     avankest 1953:   <h4 id=response-entity-body0><span class=secno>3.7.5. </span>Response
1.248     avankest 1954:    Entity Body</h4>
1.250     avankest 1955: 
                   1956:   <p>The <dfn id=response-mime-type>response MIME type</dfn> is the MIME type
                   1957:    the <code>Content-Type</code> header contains without any parameters or
                   1958:    null if the header could not be parsed properly or was omitted. The <dfn
                   1959:    id=override-mime-type>override MIME type</dfn> is always null. <dfn
                   1960:    id=final-mime-type>Final MIME type</dfn> is the override MIME type unless
                   1961:    that is null in which case it is the response MIME type.
                   1962: 
                   1963:   <p>The <dfn id=response-charset>response charset</dfn> is the value of the
                   1964:    <code>charset</code> parameter of the <code>Content-Type</code> header or
                   1965:    null if there was no <code>charset</code> parameter or if the header could
                   1966:    not be parsed properly or was omitted. The <dfn
                   1967:    id=override-charset>override charset</dfn> is always null. <dfn
                   1968:    id=final-charset>Final charset</dfn> is the override charset unless that
                   1969:    is null in which case it is the response charset.
                   1970: 
                   1971:   <p class=note><a href="#override-mime-type">Override MIME type</a> and <a
                   1972:    href="#override-charset">override charset</a> are introduced here solely
                   1973:    to make editing several levels of XMLHttpRequest simultaneously somewhat
                   1974:    easier. Apologies for any confusion they might cause.
                   1975: 
                   1976:   <hr>
1.205     avankest 1977: 
                   1978:   <p>The <dfn id=response-entity-body>response entity body</dfn> is the
1.257     avankest 1979:    fragment of the <a href="#entity-body">entity body</a> of the response
1.277     avankest 1980:    received so far (<a href="#dom-xmlhttprequest-loading"
                   1981:    title=dom-XMLHttpRequest-LOADING>LOADING</a>) or the complete entity body
                   1982:    of the response (<a href="#dom-xmlhttprequest-done"
                   1983:    title=dom-XMLHttpRequest-DONE>DONE</a>). If the response does not have an
                   1984:    entity body the response entity body is null.
1.257     avankest 1985: 
                   1986:   <p class=note>The <a href="#response-entity-body">response entity body</a>
1.276     avankest 1987:    is updated as part of the <a href="#dom-xmlhttprequest-send"><code
                   1988:    title=dom-XMLHttpRequest-send>send()</code></a> algorithm.
1.205     avankest 1989: 
                   1990:   <hr>
                   1991: 
                   1992:   <p>The <dfn id=text-response-entity-body>text response entity body</dfn> is
                   1993:    a <code>DOMString</code> representing the <a
1.250     avankest 1994:    href="#response-entity-body">response entity body</a>. The text response
                   1995:    entity body is the return value of the following algorithm:
1.205     avankest 1996: 
                   1997:   <ol>
                   1998:    <li>
1.250     avankest 1999:     <p>If the response entity body is null return the empty string and
                   2000:      terminate these steps.</p>
                   2001: 
                   2002:    <li>
                   2003:     <p>Let <var>charset</var> be the <a href="#final-charset">final
                   2004:      charset</a>.
1.205     avankest 2005: 
                   2006:    <li>
1.250     avankest 2007:     <p>Let <var>mime</var> be the <a href="#final-mime-type">final MIME
                   2008:      type</a>.
1.205     avankest 2009: 
                   2010:    <li>
1.250     avankest 2011:     <p>If <var>charset</var> is null and <var>mime</var> is null,
1.205     avankest 2012:      <code>text/xml</code>, <code>application/xml</code> or ends in <code
1.250     avankest 2013:      title="">+xml</code> use the rules set forth in the XML specifications
                   2014:      to determine the character encoding. Let <var>charset</var> be the
                   2015:      determined character encoding.
1.205     avankest 2016: 
                   2017:    <li>
1.250     avankest 2018:     <p>If <var>charset</var> is null and <var>mime</var> is
                   2019:      <code>text/html</code> follow the rules set forth in the HTML
                   2020:      specification to determine the character encoding. Let
1.205     avankest 2021:      <var>charset</var> be the determined character encoding. [<cite><a
1.330   ! avankest 2022:      href="#ref-html">HTML</a></cite>]
1.205     avankest 2023: 
                   2024:    <li>
                   2025:     <p>If <var>charset</var> is null then, for each of the rows in the
                   2026:      following table, starting with the first one and going down, if the
                   2027:      first bytes of <var>bytes</var> match the bytes given in the first
                   2028:      column, then let <var>charset</var> be the encoding given in the cell in
                   2029:      the second column of that row. If there is no match <var>charset</var>
                   2030:      remains null.</p>
                   2031: 
                   2032:     <table>
                   2033:      <thead>
                   2034:       <tr>
                   2035:        <th>Bytes in Hexadecimal
                   2036: 
                   2037:        <th>Description
                   2038: 
1.239     avankest 2039:      <tbody>
1.205     avankest 2040:       <tr>
                   2041:        <td>FE FF
                   2042: 
                   2043:        <td>UTF-16BE BOM
                   2044: 
                   2045:       <tr>
                   2046:        <td>FF FE
                   2047: 
                   2048:        <td>UTF-16LE BOM
                   2049: 
                   2050:       <tr>
                   2051:        <td>EF BB BF
                   2052: 
1.239     avankest 2053:        <td>UTF-8 BOM
1.205     avankest 2054:     </table>
                   2055: 
                   2056:    <li>
                   2057:     <p>If <var>charset</var> is null let <var>charset</var> be UTF-8.
                   2058: 
                   2059:    <li>
                   2060:     <p>Return the result of decoding the response entity body using
                   2061:      <var>charset</var>. Replace bytes or sequences of bytes that are not
1.250     avankest 2062:      valid accordng to the <var>charset</var> with a single U+FFFD
1.320     avankest 2063:      REPLACEMENT CHARACTER character. Remove one leading U+FEFF BYTE ORDER
                   2064:      MARK character, if present.
1.205     avankest 2065:   </ol>
                   2066: 
1.320     avankest 2067:   <p class=note>Authors are strongly encouraged to always encode their
                   2068:    resources using UTF-8.
1.205     avankest 2069: 
                   2070:   <hr>
                   2071: 
1.250     avankest 2072:   <p>The <dfn id=document-response-entity-body>document response entity
                   2073:    body</dfn> is either a <code>Document</code> representing the <a
1.326     avankest 2074:    href="#response-entity-body">response entity body</a> or null. If it is a
                   2075:    <code>Document</code> its <a href="#origin">origin</a> is the <a
                   2076:    href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>. If
                   2077:    the <a href="#document-response-entity-body">document response entity
                   2078:    body</a> has no value assigned to it let it be the return value of the
                   2079:    following algorithm:
1.89      avankest 2080: 
1.205     avankest 2081:   <ol>
                   2082:    <li>
                   2083:     <p>If the <a href="#response-entity-body">response entity body</a> is
1.313     avankest 2084:      null, return null and terminate these steps.
1.6       avankest 2085: 
1.205     avankest 2086:    <li>
1.250     avankest 2087:     <p>If <a href="#final-mime-type">final MIME type</a> is not null,
1.300     avankest 2088:      <code>text/xml</code>, <code>application/xml</code>, or does not end in
1.313     avankest 2089:      <code title="">+xml</code>, return null and terminate these steps.
1.12      avankest 2090: 
1.205     avankest 2091:    <li>
1.325     avankest 2092:     <p>Let <var>document</var> be a <code>Document</code> object that
                   2093:      represents the result of parsing the <a
                   2094:      href="#response-entity-body">response entity body</a> into a document
                   2095:      tree following the rules set forth in the XML specifications. If that
                   2096:      fails (unsupported character encoding, namespace well-formedness error
                   2097:      et cetera) return null and terminate these steps. [<cite><a
                   2098:      href="#ref-xml">XML</a></cite>]</p>
1.6       avankest 2099: 
1.205     avankest 2100:     <p class=note>Scripts in the resulting document tree will not be
                   2101:      executed, resources referenced will not be loaded and no associated XSLT
                   2102:      will be applied.</p>
1.325     avankest 2103:     <!-- XXX more formally?! -->
1.76      avankest 2104: 
1.205     avankest 2105:    <li>
1.250     avankest 2106:     <p>Return <var>document</var>.
1.205     avankest 2107:   </ol>
1.76      avankest 2108: 
1.250     avankest 2109:   <h4 id=the-responsetext-attribute><span class=secno>3.7.6. </span>The <code
1.205     avankest 2110:    title="">responseText</code> attribute</h4>
1.12      avankest 2111: 
1.281     avankest 2112:   <dl class=domintro>
                   2113:    <dt><var title="">client</var> . <a
                   2114:     href="#dom-xmlhttprequest-responsetext"><code
                   2115:     title=dom-XMLHttpRequest-responseText>responseText</code></a>
                   2116: 
                   2117:    <dd>
                   2118:     <p>Returns the <a href="#text-response-entity-body">text response entity
1.309     avankest 2119:      body</a>.</p>
1.281     avankest 2120:   </dl>
                   2121: 
                   2122:   <p>The <dfn id=dom-xmlhttprequest-responsetext
                   2123:    title=dom-XMLHttpRequest-responseText><code>responseText</code></dfn>
1.275     avankest 2124:    attribute <em class=ct>must</em> return the result of running these steps:
1.6       avankest 2125: 
1.205     avankest 2126:   <ol>
                   2127:    <li>
1.277     avankest 2128:     <p>If the state is not <a href="#dom-xmlhttprequest-loading"
                   2129:      title=dom-XMLHttpRequest-LOADING>LOADING</a> or <a
                   2130:      href="#dom-xmlhttprequest-done" title=dom-XMLHttpRequest-DONE>DONE</a>
1.205     avankest 2131:      return the empty string and terminate these steps.
1.12      avankest 2132: 
1.205     avankest 2133:    <li>
1.317     avankest 2134:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   2135:      string and terminate these steps.
                   2136: 
                   2137:    <li>
1.205     avankest 2138:     <p>Return the <a href="#text-response-entity-body">text response entity
                   2139:      body</a>.
                   2140:   </ol>
1.2       avankest 2141: 
1.250     avankest 2142:   <h4 id=the-responsexml-attribute><span class=secno>3.7.7. </span>The <code
1.205     avankest 2143:    title="">responseXML</code> attribute</h4>
1.2       avankest 2144: 
1.281     avankest 2145:   <dl class=domintro>
                   2146:    <dt><var title="">client</var> . <a
                   2147:     href="#dom-xmlhttprequest-responsexml"><code
                   2148:     title=dom-XMLHttpRequest-responseXML>responseXML</code></a>
                   2149: 
                   2150:    <dd>
                   2151:     <p>Returns the <a href="#document-response-entity-body">document response
1.309     avankest 2152:      entity body</a>.</p>
1.281     avankest 2153:   </dl>
                   2154: 
                   2155:   <p>The <dfn id=dom-xmlhttprequest-responsexml
                   2156:    title=dom-XMLHttpRequest-responseXML><code>responseXML</code></dfn>
                   2157:    attribute <em class=ct>must</em> return the result of running these steps:
1.2       avankest 2158: 
1.205     avankest 2159:   <ol>
                   2160:    <li>
1.277     avankest 2161:     <p>If the state is not <a href="#dom-xmlhttprequest-done"
                   2162:      title=dom-XMLHttpRequest-DONE>DONE</a> return null and terminate these
                   2163:      steps.
1.2       avankest 2164: 
1.205     avankest 2165:    <li>
1.317     avankest 2166:     <p>If the <a href="#error-flag">error flag</a> is true return null and
                   2167:      terminate these steps.
                   2168: 
                   2169:    <li>
1.250     avankest 2170:     <p>Return the <a href="#document-response-entity-body">document response
                   2171:      entity body</a>.
1.205     avankest 2172:   </ol>
1.2       avankest 2173: 
1.250     avankest 2174:   <h2 id=exceptions><span class=secno>4. </span>Exceptions</h2>
1.33      avankest 2175: 
1.139     avankest 2176:   <p>Several algorithms in this specification may result in an exception
                   2177:    being thrown. These exceptions are all part of the group
1.186     avankest 2178:    <code>ExceptionCode</code> and use the <code>DOMException</code> object,
1.139     avankest 2179:    which is defined in DOM Level 3 Core. In addition this specification
                   2180:    extends the <code>ExceptionCode</code> group with several new constants as
1.146     avankest 2181:    indicated below. [<cite><a href="#ref-dom3core">DOM3Core</a></cite>]
1.139     avankest 2182: 
1.194     avankest 2183:   <p class=note>Thus, exceptions used by this specification and not defined
                   2184:    in this section are defined by DOM Level 3 Core.
                   2185: 
1.34      avankest 2186:   <pre
1.139     avankest 2187:    class=idl>const unsigned short <a href="#security-err">SECURITY_ERR</a> = 18;
1.200     avankest 2188: const unsigned short <a href="#network-err">NETWORK_ERR</a> = 19;
                   2189: const unsigned short <a href="#abort-err">ABORT_ERR</a> = 20;</pre>
1.33      avankest 2190: 
1.139     avankest 2191:   <p>The <dfn id=security-err><code>SECURITY_ERR</code></dfn> exception is
                   2192:    raised if an attempt is made to perform an operation or access some data
                   2193:    in a way that would be a security risk or a violation of the user agent's
                   2194:    security policy.</p>
                   2195:   <!-- http://lists.w3.org/Archives/Public/public-webapi/2006May/0027.html -->
                   2196: 
1.35      avankest 2197:   <p>The <dfn id=network-err><code>NETWORK_ERR</code></dfn> exception is
1.139     avankest 2198:    raised when a network error occurs in synchronous requests.
1.122     avankest 2199: 
1.139     avankest 2200:   <p>The <dfn id=abort-err><code>ABORT_ERR</code></dfn> exception is raised
1.122     avankest 2201:    when the user aborts a request in synchronous requests.
                   2202: 
1.242     avankest 2203:   <p class=note>These exceptions will be folded into an update of DOM Level 3
                   2204:    Core in due course, as they are appropriate for other API specifications
1.200     avankest 2205:    as well.
                   2206: 
1.250     avankest 2207:   <h2 class=no-num id=references>References</h2>
1.2       avankest 2208: 
1.178     avankest 2209:   <p>Unless marked "Non-normative" these references are normative.
                   2210: 
1.7       avankest 2211:   <dl>
1.232     avankest 2212:    <dt>[<dfn id=ref-cookies>COOKIES</dfn>]
1.205     avankest 2213: 
1.273     avankest 2214:    <dd><cite><a
                   2215:     href="http://tools.ietf.org/html/draft-ietf-httpstate-cookie">HTTP State
                   2216:     Management Mechanism</a></cite> (work in progress), A. Barth. IETF.
1.205     avankest 2217: 
1.156     avankest 2218:    <dt>[<dfn id=ref-dom2events>DOM2Events</dfn>]
                   2219: 
                   2220:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-2-Events/">Document
1.272     avankest 2221:     Object Model (DOM) Level 2 Events Specification</a></cite>, T. Pixley.
                   2222:     W3C.
1.156     avankest 2223: 
1.146     avankest 2224:    <dt>[<dfn id=ref-dom3core>DOM3Core</dfn>]
1.2       avankest 2225: 
1.15      avankest 2226:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core">Document Object
                   2227:     Model (DOM) Level 3 Core Specification</a></cite>, A. Le Hors, P. Le
1.272     avankest 2228:     H&eacute;garet, L. Wood, G. Nicol, J. Robie, M. Champion, S. Byrne. W3C.
1.2       avankest 2229: 
1.39      avankest 2230:    <dt>[<dfn id=ref-ecmascript>ECMAScript</dfn>]
1.18      avankest 2231: 
                   2232:    <dd><cite><a
                   2233:     href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript
1.272     avankest 2234:     Language Specification</a></cite>. ECMA.
1.18      avankest 2235: 
1.330   ! avankest 2236:    <dt>[<dfn id=ref-html>HTML</dfn>]
1.143     avankest 2237: 
1.252     avankest 2238:    <dd><cite><a href="http://www.w3.org/html/wg/html5/">HTML5</a></cite>
1.272     avankest 2239:     (work in progress), I. Hickson. W3C.
1.172     avankest 2240: 
                   2241:    <dd><cite><a
1.330   ! avankest 2242:     href="http://www.whatwg.org/specs/web-apps/current-work/">HTML</a></cite>,
        !          2243:     I. Hickson. WHATWG.
1.18      avankest 2244: 
1.199     avankest 2245:    <dt>[<dfn id=ref-httpverbsec>HTTPVERBSEC</dfn>]
                   2246: 
                   2247:    <dd>(Non-normative) <cite><a
                   2248:     href="http://www.kb.cert.org/vuls/id/867593">Multiple vendors' web
                   2249:     servers enable HTTP TRACE method by default</a></cite>, US-CERT.
                   2250: 
                   2251:    <dd>(Non-normative) <cite><a
                   2252:     href="http://www.kb.cert.org/vuls/id/288308">Microsoft Internet
                   2253:     Information Server (IIS) vulnerable to cross-site scripting via HTTP
                   2254:     TRACK method</a></cite>, US-CERT.
                   2255: 
                   2256:    <dd>(Non-normative) <cite><a
                   2257:     href="http://www.kb.cert.org/vuls/id/150227">HTTP proxy default
                   2258:     configurations allow arbitrary TCP connections</a></cite>, US-CERT.
                   2259: 
1.250     avankest 2260:    <dt>[<dfn id=ref-rfc2046>RFC2046</dfn>]
                   2261: 
                   2262:    <dd><cite><a href="http://ietf.org/rfc/rfc2046">Multipurpose Internet Mail
                   2263:     Extensions (MIME) Part Two: Media Types</a></cite>, N. Freed, N.
1.272     avankest 2264:     Borenstein. IETF.
1.250     avankest 2265: 
1.146     avankest 2266:    <dt>[<dfn id=ref-rfc2119>RFC2119</dfn>]
1.15      avankest 2267: 
1.118     avankest 2268:    <dd><cite><a href="http://ietf.org/rfc/rfc2119">Key words for use in RFCs
1.272     avankest 2269:     to Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
1.15      avankest 2270: 
1.250     avankest 2271:    <dt>[<dfn id=rfc-rfc2616>RFC2616</dfn>]
1.15      avankest 2272: 
                   2273:    <dd><cite><a href="http://ietf.org/rfc/rfc2616">Hypertext Transfer
                   2274:     Protocol -- HTTP/1.1</a></cite>, R. Fielding, J. Gettys, J. Mogul, H.
1.272     avankest 2275:     Frystyk, L. Masinter, P. Leach, T. Berners-Lee. IETF.
1.15      avankest 2276: 
1.39      avankest 2277:    <dt>[<dfn id=ref-rfc2617>RFC2617</dfn>]
1.15      avankest 2278: 
                   2279:    <dd><cite><a href="http://ietf.org/rfc/rfc2617">HTTP Authentication: Basic
1.93      avankest 2280:     and Digest Access Authentication</a></cite>, P. Hallam-Baker, J.
1.272     avankest 2281:     Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart. IETF.
1.2       avankest 2282: 
1.39      avankest 2283:    <dt>[<dfn id=ref-rfc3986>RFC3986</dfn>]
1.2       avankest 2284: 
1.15      avankest 2285:    <dd><cite><a href="http://ietf.org/rfc/rfc3986">Uniform Resource
                   2286:     Identifier (URI): Generic Syntax</a></cite>, T. Berners-Lee, R. Fielding,
1.272     avankest 2287:     L. Masinter. IETF.
1.188     avankest 2288: 
1.250     avankest 2289:    <dt>[<dfn id=ref-rfc3987>RFC3987</dfn>]
                   2290: 
                   2291:    <dd><cite><a href="http://ietf.org/rfc/rfc3987">Internationalized Resource
1.272     avankest 2292:     Identifiers (IRIs)</a></cite>, M. Duerst, M. Suignard. IETF.
1.250     avankest 2293: 
1.205     avankest 2294:    <dt>[<dfn id=ref-webidl>WebIDL</dfn>]
1.182     avankest 2295: 
1.201     avankest 2296:    <dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web
1.272     avankest 2297:     IDL</a></cite> (work in progress), C. McCormack. W3C.</dd>
1.252     avankest 2298:    <!-- XXX add Sam -->
1.182     avankest 2299: 
1.43      avankest 2300:    <dt>[<dfn id=ref-xml>XML</dfn>]
                   2301: 
                   2302:    <dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language
1.272     avankest 2303:     (XML) 1.0</a></cite>, T. Bray, J. Paoli, C. Sperberg-McQueen, E. Maler,
                   2304:     F. Yergeau. W3C.
1.43      avankest 2305: 
1.272     avankest 2306:    <dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in
                   2307:     XML</a></cite>, T. Bray, D. Hollander, A. Layman, R. Tobin, H. S.
                   2308:     Thompson. W3C.
1.2       avankest 2309:   </dl>
                   2310: 
1.131     avankest 2311:   <h2 class=no-num id=acknowledgments>Acknowledgments</h2>
1.2       avankest 2312: 
1.164     avankest 2313:   <p>The editor would like to thank Addison Phillips, Ahmed Kamel, Alex
                   2314:    Hopmann, Alex Vincent, Alexey Proskuryakov, Asbj&oslash;rn Ulsberg, Boris
1.327     avankest 2315:    Zbarsky, Bj&ouml;rn H&ouml;hrmann, Cameron McCormack, Chris Marrin,
                   2316:    Christophe Jolif, Charles McCathieNevile, Dan Winship, David Andersson,
                   2317:    David Flanagan, David H&aring;s&auml;ther, David Levin, Dean Jackson,
                   2318:    Denis Sureau, Doug Schepers, Douglas Livingstone, Elliotte Harold, Eric
                   2319:    Lawrence, Eric Uhrhane, Erik Dahlstr&ouml;m, Geoffrey Sneddon, Gideon
                   2320:    Cohn, Gorm Haug Eriksen, H&aring;kon Wium Lie, Hallvord R. M. Steen, Huub
                   2321:    Schaeks, Ian Davis, Ian Hickson, Ivan Herman, Jeff Walden, Jens
                   2322:    Lindstr&ouml;m, Jim Deegan, Jim Ley, Joe Farro, Jonas Sicking, Julian
                   2323:    Reschke, Karl Dubost, Lachlan Hunt, Maciej Stachowiak, Magnus Kristiansen,
                   2324:    Marc Hadley, Marcos Caceres, Mark Baker, Mark Birbeck, Mark Nottingham,
                   2325:    Mark S. Miller, Martin Hassman, Mohamed Zergaoui, Olli Pettay, Pawel
                   2326:    Glowacki, Peter Michaux, Philip Taylor, Robin Berjon, Rune Halvorsen, Ruud
                   2327:    Steltenpool, Sergiu Dumitriu, Simon Pieters, Stewart Brodie, Sunava Dutta,
                   2328:    Thomas Roessler, Tom Magliery, and Zhenbin Xu for their contributions to
                   2329:    this specification.
1.2       avankest 2330: 
                   2331:   <p>Special thanks to the Microsoft employees who first implemented the
1.144     avankest 2332:    <code title="">XMLHttpRequest</code> interface, which was first widely
                   2333:    deployed by the Windows Internet Explorer browser.
1.2       avankest 2334: 
1.56      avankest 2335:   <p>Special thanks also to the WHATWG for drafting an initial version of
1.131     avankest 2336:    this specification in their Web Applications 1.0 document (now renamed to
1.330   ! avankest 2337:    HTML). [<cite><a href="#ref-html">HTML</a></cite>]
1.2       avankest 2338: 
                   2339:   <p>Thanks also to all those who have helped to improve this specification
                   2340:    by sending suggestions and corrections. (Please, keep bugging us with your
                   2341:    issues!)

Webmaster