From Web Security
See also: Current Editor's Draft
The XMLHttpRequest specification defines an API that provides scripted client functionality for transferring data between a client and a server.
- Specification does not include any security considerations.
- Specification defines a version of the same-origin policy in 4.6.1 The open() method