From Web Security


Current W3C Working Draft: Last Call Working Draft 2009-11-19. Last Call ends on 15 December 2009. Comments should be sent to public-webapps@w3.org.

See also: Current Editor's Draft


The XMLHttpRequest specification defines an API that provides scripted client functionality for transferring data between a client and a server.

Review Notes

  • Specification does not include any security considerations.
  • Specification defines a version of the same-origin policy in 4.6.1 The open() method