This specification standardizes an API to allow merchants (i.e. web
sites selling physical or digital goods) to utilize one or more payment
methods with minimal integration. User agents (e.g., browsers)
facilitate the payment flow between merchant and user.
The deadline for comments for Candidate Recommendation is 31 October
2017.
If you wish to make comments regarding this document, please raise
them as GitHub issues.
Only send comments by email if you are unable to raise issues on
GitHub (see links below). All comments are welcome.
The working group will demonstrate implementation experience by
producing an implementation
report. The report will show two or more independent
implementations passing each mandatory test in the test suite (i.e., each test
corresponds to a MUST requirement of the specification).
There has been no change in dependencies on other workings groups
during the development of this specification.
Features at risk
As this specification enters the Candidate Recommendation phase of
the W3C standardization process, the working group has identified the
following feature(s) as being "at risk" of being removed
from the specification. The working group seeks input from
implementers, developers, and the general public on whether these
features should remain in the specification. If no compelling use
cases are received, or if there is limited interest from
implementers, these features will be removed from the specification
before proceeding along the W3C Recommendation track.
This specification describes an API that allows user agents
(e.g., browsers) to act as an intermediary between three parties in a
transaction:
the payee: the merchant that runs an online store, or other party
that requests to be paid.
the payer: the party that makes a purchase at that online store,
and who authenticates and authorizes payment as required.
the payment method provider:
the party that provides the means (e.g., credit card) that the payer
uses to pay, and that is accepted by the payee.
The details of how to fulfill a payment request for a given payment
method are handled by payment
handlers. In this specification, these details are left up to the
user agent, but future specifications may expand on the
processing model in more detail.
This API also enables web sites to take advantage of more secure
payment schemes (e.g., tokenization and system-level authentication)
that are not possible with standard JavaScript libraries. This has the
potential to reduce liability for the merchant and helps protect
sensitive user information.
Goals
Allow the user agent to act as intermediary between merchants,
users, and payment method providers.
Enable user agents to streamline the user's payment experience by
taking into account user preferences, merchant information, security
considerations, and other factors.
Standardize (to the extent that it makes sense) the communication
flow between a merchant, user agent, and payment method
provider.
Enable payment method providers to bring more secure
payment transactions to the web.
In order to use the API, the developer needs to provide and keep track
of a number of key pieces of information. These bits of information are
passed to the PaymentRequest constructor as arguments, and
subsequently used to update the payment request being displayed to the
user. Namely, these bits of information are:
The methodData: A sequence of PaymentMethodDatas
that represents the payment methods that the site supports
(e.g., "we support card-based payments, but only Visa and MasterCard
credit cards.").
The details: The details of the transaction, as a
PaymentDetailsInit dictionary. This includes total cost, and
optionally a list of goods or services being purchased, for physical
goods, and shipping options. Additionally, it can optionally include
"modifiers" to how payments are made. For example, "if you pay with a
credit card of type X, it incurs a US$3.00 processing fee".
The options: Optionally, a list of things as
PaymentOptions that the site needs to deliver the good or
service (e.g., for physical goods, the merchant will typically need an
physical address to ship to. For digital goods, an email will usually
suffice).
Once a PaymentRequest is constructed, it's presented to the end
user via the show() method. The show() returns a promise
that, once the user confirms request for payment, results in a
PaymentResponse.
Having gathered all the prerequisite bits of information, we can now
construct a PaymentRequest and request that the browser
present it to the user:
async function doPaymentRequest() {
try {
const request = new PaymentRequest(methodData, details, options);
// See below for a detailed example of handling these events
request.onshippingaddresschange = ev => ev.updateWith(details);
request.onshippingoptionchange = ev => ev.updateWith(details);
const response = await request.show();
await validateResponse(response);
} catch (err) {
// AbortError, SecurityError
console.error(err);
}
}
async function validateResponse(response) {
try {
if (await checkAllValuesAreGood(response)) {
await response.complete("success");
} else {
await response.complete("fail");
}
} catch (err) {
// Something went wrong...
await response.complete("fail");
}
}
doPaymentRequest();
Handling events and updating the payment request
Prior to the user accepting to make payment, the site is given an
opportunity to update the payment request in response to user input.
This can include, for example, providing additional shipping options
(or modifying their cost), removing items that cannot ship to a
particular address, etc.
const request = new PaymentRequest(methodData, details, options);
// Async update to details
request.onshippingaddresschange = ev => {
ev.updateWith(checkShipping(request));
};
// Sync update to the total
request.onshippingoptionchange = ev => {
const shippingOption = shippingOptions.find(
option => option.id === request.id
);
const newTotal = {
currency: "USD",
label: "Total due",
value: calculateNewTotal(shippingOption),
};
ev.updateWith({ ...details, total: newTotal });
};
async function checkShipping(request) {
try {
const json = request.shippingAddress.toJSON();
await ensureCanShipTo(json);
const { shippingOptions, total } = await calculateShipping(json);
return { ...details, shippingOptions, total };
} catch (err) {
return { ...details, error: `Sorry! we can't ship to your address.` };
}
}
POSTing payment response back to a server
It's expected that data in a PaymentResponse will be POSTed
back to a server for processing. To make this as easy as possible,
PaymentResponse provides a toJSON() method that
serializes the object directly into JSON. This makes it trivial to
POST the resulting JSON back to a server using the Fetch API:
async function doPaymentRequest() {
const payRequest = new PaymentRequest(methodData, details, options);
const payResponse = await payRequest.show();
let result = "";
try {
const httpResponse = await fetch("/process-payment", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: payResponse.toJSON(),
});
result = httpResponse.ok ? "success" : "fail";
} catch (err) {
console.error(err);
result = "fail";
}
await payResponse.complete(result);
}
doPaymentRequest();
A developer creates a PaymentRequest to make a payment
request. This is typically associated with the user initiating a
payment process (e.g., by activating a "Buy," "Purchase," or
"Checkout" button on a web site, selecting a "Power Up" in an
interactive game, or paying at a kiosk in a parking structure). The
PaymentRequest allows developers to exchange information with
the user agent while the user is providing input (up to the
point of user approval or denial of the payment request).
Because the simultaneous display of multiple PaymentRequest user
interfaces might confuse the user, this specification limits the
user agent to displaying one at a time via the show()
method. This is ensured by a payment request is showing
boolean.
Constructor
The PaymentRequest is constructed using the supplied
methodData list including any payment method
specific data, the payment
details, and the payment options.
The PaymentRequest(methodData,
details, options) constructor MUST
act as follows:
If
details.id is
missing, add an id
member to details and set its value to a
UUID
[[!RFC4122]].
Process payment methods:
If the length of the methodData sequence is zero,
then throw a TypeError, optionally informing the
developer that at least one payment method is required.
For each paymentMethod of methodData:
Run the steps
to
validate a payment method identifier with
paymentMethod.supportedMethods.
If it returns false, then throw a RangeError
exception and terminate this algorithm. Optionally, inform
the developer that the payment method identifier is
invalid.
If the data
member of paymentMethod is missing, let
serializedData be null. Otherwise, let
serializedData be the result of
JSON-serializingpaymentMethod.data
into a string. Rethrow any exceptions.
Add the tuple (paymentMethod.supportedMethods,
serializedData) to
serializedMethodData.
If the data member of
modifier is missing, let
serializedData be null. Otherwise, let
serializedData be the result of
JSON-serializingmodifier.data into a string.
Rethrow any exceptions.
Add serializedData to
serializedModifierData.
Remove the
data member of modifier, if it is
present.
The show() method is called when a developer wants to begin
user interaction for the payment request. The show() method
returns a Promise that will be resolved when the user
accepts the payment request. Some kind of user interface will
be presented to the user to facilitate the payment request after
the show() method returns.
During the Candidate Recommendation phase, implementations are
expected to experiment in this area. Developers using this API
should investigate and anticipate such experiments and understand
under what circumstances a "SecurityError"
DOMException might occur. If interoperable behavior
emerges amongst user agents, then that behavior will be
standardized here before progressing the specification along the
W3C Recommendation Track.
This allows the user agent to act as if the user had
immediately aborted
the payment request, at its discretion. For example, in
"private browsing" modes or similar, user agents might take
advantage of this step.
Let identifier be the first element in the
paymentMethod tuple.
Let data be the result of JSON-parsing the second element
in the paymentMethod tuple.
If required by the specification that defines the
identifer, then convertdata to an IDL value. Otherwise, convert to
object.
If conversion results in an error, reject
acceptPromise with that error and terminate this
algorithm.
If the user agent has a registered payment handler
that supports identifier, then check if the payment
handler is authorized and capable of handling the payment request
with data. If the check returns in the affirmative,
then add payment handler to handlers.
Otherwise, present a user interface to allow the user to interact
with the handlers. The user agent SHOULD prioritize
the preference of the user when presenting payment methods.
For the payment handler selected by the end-user, the user
agent MUST pass the converted
second element in the paymentMethod tuple. Optionally,
the user agent SHOULD send the appropriate data from
request to the user-selected payment handler in
order to guide the user through the payment process. This
includes the various attributes and internal slots of
request (some MAY be excluded for privacy reasons
where appropriate).
If document stops being fully active while the user interface is
being shown, or no longer is by the time this step is reached,
then the user interface SHOULD be hidden, and
acceptPromise SHOULD be rejected with an
"AbortError" DOMException.
abort() method
The abort() method is called if a developer wishes to tell
the user agent to abort the payment request and
to tear down any user interface that might be shown. The
abort() can only be called after the show() method
has been called (see states) and before this
instance's [[\acceptPromise]] has been resolved. For
example, developers might choose to do this if the goods they are
selling are only available for a limited amount of time. If the
user does not accept the payment request within the allowed time
period, then the request will be aborted.
A user agent might not always be able to abort a request.
For example, if the user agent has delegated responsibility
for the request to another app. In this situation, abort()
will reject the returned Promise.
The canMakePayment() method can be used by the developer to
determine if the PaymentRequest object can be used to make a
payment, before they call show(). It returns a Promise
that will be fulfilled with true if the user agent supports
any of the desired payment methods supplied to the
PaymentRequest constructor, and false if none are supported.
If the method is called too often, the user agent might instead
return a promise rejected with a "NotAllowedError"
DOMException, at its discretion.
This allows user agents to apply heuristics to detect and prevent
abuse of the canMakePayment() method for fingerprinting
purposes, such as creating PaymentRequest objects with a
variety of supported payment methods and calling
canMakePayment() on them one after the other. For example,
a user agent may restrict the number of successful calls that can
be made based on the top-level browsing context or the
time period in which those calls were made.
Instances of PaymentRequest are created with the internal
slots in the following table:
Internal Slot
Description (non-normative)
[[\serializedMethodData]]
The methodData supplied to the constructor, but
represented as tuples containing supported methods and a string
or null for data (instead of the original object form).
[[\serializedModifierData]]
A list containing the serialized string form of each data member for each
corresponding item in the sequence
[[\details]].modifier,
or null if no such member was present.
An object that provides optional information that might be needed by
the supported payment methods. If supplied, it will be
JSON-serialized.
The value of supportedMethods was changed from array to
string, but the name was left as a plural to maintain compatibility
with existing content on the Web.
PaymentCurrencyAmount dictionary
dictionary PaymentCurrencyAmount {
required DOMString currency;
required DOMString value;
// Note: currencySystem is "at risk" of being removed!
DOMString currencySystem = "urn:iso:std:iso:4217";
};
This feature has been marked "at risk". If you'd like for this
feature to remain in the specification, please describe your use case
in issue
490.
currencySystem member
A URL that indicates the currency system that the currency
identifier belongs to. By default, the value is
"urn:iso:std:iso:4217" indicating that currency
is defined by [[!ISO4217]] (for example, USD for US
Dollars).
currency member
A string containing a currency identifier. The value of
currency can be any string that is valid within the currency
system indicated by currencySystem.
When using [[!ISO4217]], all well-formed 3-letter
alphabetic codes are allowed (i.e., the numeric codes are not
supported). Their canonical form is upper case. However, the set of
combinations of currency code for which localized currency symbols
are available is implementation dependent. Where a localized
currency symbol is not available, a user agent SHOULD use U+00A4
(¤) for formatting. User agents MAY format the display of the
currency member to adhere to OS conventions (e.g., for
localization purposes).
If isValidCurrency is false, then throw a
RangeError exception and terminate this algorithm, optionally
informing the developer that the currency is invalid.
A sequence of PaymentItem dictionaries contains line items
for the payment request that the user agent MAY display.
shippingOptions member
A sequence containing the different shipping options for the user
to choose from.
If an item in the sequence has the selected member set to true,
then this is the shipping option that will be used by default and
shippingOption
will be set to the id
of this option without running the shipping option changed
algorithm. Authors SHOULD NOT set selected to true on more
than one item. If more than one item in the sequence has
selected set to
true, then the user agent selects the last one in the
sequence.
A sequence of PaymentDetailsModifier dictionaries that
contains modifiers for particular payment method identifiers. For
example, it allows you to adjust the total amount based on payment
method.
A human-readable string. When the payment request is updated using
updateWith(),
the PaymentDetailsUpdate can contain a message in the
error member that will be displayed to the user, if the
PaymentDetailsUpdate indicates that there are no valid
shippingOptions
(and the PaymentRequest was constructed with the requestShipping option set to
true). This can be used to explain why goods cannot be shipped to
the chosen shipping address, or any other reason why no shipping
options are available.
A sequence of PaymentItem dictionaries provides additional
display items that are appended to the displayItems member in the
PaymentDetailsBase dictionary for the payment method
identifiers in the supportedMethods member. This member is
commonly used to add a discount or surcharge line item indicating the
reason for the different total amount for the selected
payment method that the user agent MAY display.
This is the default and refers to the address being collected as the
destination for shipping.
"delivery"
This refers to the address being collected as being used for
delivery. This is commonly faster than shipping. For example, it
might be used for food delivery.
"pickup"
This refers to the address being collected as part of a service
pickup. For example, this could be the address for laundry pickup.
The PaymentOptions dictionary is passed to the
PaymentRequest constructor and provides information about the
options desired for the payment request.
requestPayerName member
A boolean that indicates whether the user agent SHOULD collect
and return the payer's name as part of the payment request. For
example, this would be set to true to allow a merchant to make a
booking in the payer's name.
requestPayerEmail member
A boolean that indicates whether the user agent SHOULD collect
and return the payer's email address as part of the payment request.
For example, this would be set to true to allow a merchant to email a
receipt.
requestPayerPhone member
A boolean that indicates whether the user agent SHOULD collect
and return the payer's phone number as part of the payment request.
For example, this would be set to true to allow a merchant to phone a
customer with a billing enquiry.
requestShipping member
A boolean that indicates whether the user agent SHOULD collect
and return a shipping address as part of the payment request. For
example, this would be set to true when physical goods need to be
shipped by the merchant to the user. This would be set to false for
the purchase of digital goods.
shippingType member
A ShippingType enum value. Some transactions require an
address for delivery but the term "shipping" isn't appropriate. For
example, "pizza delivery" not "pizza shipping" and "laundry pickup"
not "laundry shipping". If requestShipping is set to true,
then the shippingType member can influence the way the user
agent presents the user interface for gathering the shipping
address.
The shippingType member only affects the user interface for
the payment request.
A sequence of one or more PaymentItem dictionaries is included
in the PaymentDetailsBase dictionary to indicate what the
payment request is for and the value asked for.
label member
A human-readable description of the item. The user agent may
display this to the user.
A boolean. When set to true it means that the amount member is
not final. This is commonly used to show items such as shipping or
tax amounts that depend upon selection of shipping address or
shipping option. User agents MAY indicate pending fields in
the user interface for the payment request.
Set address.[[\addressLine]] to the result of
splitting the user-provided address line into a frozen array. If none was
provided, set it to the empty frozen array.
Set address.[[\country]] to the user-provided
country as an upper case [[!ISO3166]] alpha-2 code, or to the empty
string if none was provided.
Set the address.[[\phone]] to the user-provided
phone number for this shipping address, optionally formatted to
adhere to [[!E.164]], or to the empty string if none was provided.
An [[!ISO3166]] alpha-2 code. The canonical form is upper case.
For example, "JP".
[[\addressLine]]
The most specific part of the address. It can include, for
example, a street name, a house number, apartment number, a rural
delivery route, descriptive instructions, or a post office box
number.
[[\region]]
The top level administrative subdivision of the country. For
example, this can be a state, a province, an oblast, or a
prefecture.
[[\city]]
The city/town portion of the address.
[[\dependentLocality]]
The dependent locality or sublocality within a city. For example,
used for neighborhoods, boroughs, districts, or UK dependent
localities.
[[\postalCode]]
The postal code or ZIP code, also known as PIN code in India.
[[\sortingCode]]
The sorting code as used in, for example, France.
[[\languageCode]]
The [[!BCP47]] language tag for the address, in canonical form. It's used to determine
the field separators and the order of fields when formatting the
address for display.
[[\organization]]
The organization, firm, company, or institution at this address.
[[\recipient]]
The name of the recipient or contact person. This member may,
under certain circumstances, contain multiline information. For
example, it might contain "care of" information.
[[\phone]]
The phone number of the recipient or contact person.
The PaymentShippingOption dictionary has members describing a
shipping option. Developers can provide the user with one or more
shipping options by calling the updateWith() method in
response to a change event.
A boolean. When true, it indicates that this is the default selected
PaymentShippingOption in a sequence. User agents SHOULD
display this option by default in the user interface.
The corresponding payment request id that spawned this payment response.
complete() method
The complete() method is called after the user has accepted
the payment request and the [[\acceptPromise]] has been
resolved. Calling the complete() method tells the user
agent that the payment interaction is over (and SHOULD cause any
remaining user interface to be closed).
After the payment request has been accepted and the
PaymentResponse returned to the caller but before the caller
calls complete() the payment request user interface remains in
a pending state. At this point the user interface ought not offer a
cancel command because acceptance of the payment request has been
returned. However, if something goes wrong and the developer never
calls complete() then the user interface is blocked.
For this reason, implementations MAY impose a timeout for developers
to call complete(). If the timeout expires then the
implementation will behave as if complete() was called with no
arguments.
Return promise and perform the remaining steps in
parallel.
Close down any remaining user interface. The user agent
MAY use the value result to influence the user experience.
Resolve promise with undefined.
Internal Slots
Instances of PaymentResponse are created with the internal
slots in the following table:
Internal Slot
Description (non-normative)
[[\completeCalled]]
true if the complete
method has been called and false otherwise.
PaymentRequest and iframe elements
To indicate that a cross-origin iframe is allowed to invoke the
payment request API, the allowpaymentrequest attribute can be
specified on the iframe element.
The user agent SHOULD disable the user interface that
allows the user to accept the payment request. This is to ensure
that the payment is not accepted until developers have made changes
required by the change. Developers MUST settle the
detailsPromise to indicate that the payment request is
valid again.
Return from the method and perform the remaining steps in
parallel.
The remaining steps are conditional on the
detailsPromise settling. If
detailsPromise never settles then the payment
request is blocked. Users SHOULD always be able to cancel a
payment request. Implementations MAY choose to implement a
timeout for pending updates if detailsPromise
doesn't settle in a reasonable amount of time. If an
implementation chooses to implement a timeout, they must
execute the steps listed below in the "upon rejection" path.
Such a timeout is a fatal error for the payment request.
If the data member of
modifier is missing, let
serializedData be null. Otherwise, let
serializedData be the result of
JSON-serializingmodifier.data into a
string. If JSON-serializing throws an
exception, then abort the update with that
exception.
Add serializedData to
serializedModifierData.
Remove the data member of
modifier, if it is present.
If request.[[\options]].requestShipping is
true, and
request.[[\details]].shippingOptions
is empty, then the developer has signified that there are
no valid shipping options for the currently-chosen shipping
address (given by request's shippingAddress). In
this case, the user agent SHOULD display an error
indicating this, and MAY indicate that the currently-chosen
shipping address is invalid in some way. The user agent
SHOULD use the error member of
details, if it is present, to give more
information about why there are no valid shipping options
for that address.
In either case, run the following steps, after either the upon
rejection or upon fulfillment steps have concluded:
The user agent SHOULD update the user interface
based on any changed values in request. The user
agent SHOULD re-enable user interface elements that might have
been disabled in the steps above if appropriate.
If any of the above steps say to abort the update with
an exception exception, then:
Abort the current user interaction and close down any remaining
user interface.
Aborting the update is
performed when there is a fatal error updating the payment
request, such as the supplied detailsPromise
rejecting, or its fulfillment value containing invalid data. This
would potentially leave the payment request in an inconsistent
state since the developer hasn't successfully handled the change
event. Consequently, the PaymentRequest moves to a
"closed" state. The error is signaled to the developer
through the rejection of the [[\acceptPromise]], i.e., the
promise returned by show().
User agents might show an error message to the user when
this occurs.
The PaymentRequest updated algorithm is run by other
algorithms above to fire an event to indicate that a user has
made a change to a PaymentRequest called request
with an event name of name:
If the request.[[\updating]] is true, then
terminate this algorithm and take no further action. Only one update
may take place at a time. The user agent SHOULD ensure that
this never occurs.
If the request.[[\state]] is not set to
"interactive", then terminate this algorithm and take no
further action. The user agent user interface SHOULD ensure
that this never occurs.
If
event.[[\waitForUpdate]] is true, disable any part
of the user interface that could cause another update event to be
fired.
User accepts the payment request algorithm
The user accepts the
payment request algorithm runs when the user accepts the
payment request and confirms that they want to pay. It MUST queue
a task on the user interaction task source to perform the
following steps:
Let request be the PaymentRequest object that
the user is interacting with.
If the request.[[\updating]] is true, then
terminate this algorithm and take no further action. The user
agent user interface SHOULD ensure that this never occurs.
If request.[[\state]] is not
"interactive", then terminate this algorithm and take no
further action. The user agent user interface SHOULD ensure
that this never occurs.
If the requestShipping value of
request.[[\options]] is true, then if the
shippingAddress
attribute of request is null or if the shippingOption attribute of
request is null, then terminate this algorithm and take no
further action. The user agent SHOULD ensure that this never
occurs.
Set the details
attribute value of response to an object containing the
payment method specific object that will be used by the
merchant to process or validate the transaction. The format of this
response will be defined for each payment method.
If the requestPayerName value of
request.[[\options]] is true, then set the payerName attribute of
response to the payer's name provided by the user, or to
null if none was provided. Otherwise, set it to null.
If the requestPayerEmail value of
request.[[\options]] is true, then set the
payerEmail attribute of
response to the payer's email address provided by the
user, or to null if none was provided. Otherwise, set it to null.
If the requestPayerPhone value of
request.[[\options]] is true, then set the
payerPhone attribute of
response to the payer's phone number provided by the user,
or to null if none was provided. When setting the payerPhone value, the user agent
SHOULD format the phone number to adhere to [[!E.164]]. Otherwise,
set it to null.
The user aborts the
payment request algorithm runs when the user aborts the payment
request through the currently interactive user interface. It MUST
queue a task on the user interaction task source to
perform the following steps:
Let request be the PaymentRequest object that
the user is interacting with.
If the request.[[\updating]] is true, then
terminate this algorithm and take no further action. The user
agent user interface SHOULD ensure that this never occurs.
If request.[[\state]] is not
"interactive", then terminate this algorithm and take no
further action. The user agent user interface SHOULD ensure
that this never occurs.
The PaymentRequest API does not directly support encryption of
data fields. Individual payment methods may choose to include
support for encrypted data but it is not mandatory that all
payment methods support this.
Developers might try to call the payment request API repeatedly with
only one payment method identifier to try to determine what payment
methods a user agent has installed. There are legitimate
scenarios for calling repeatedly (for example, to control the flow of
payment method selection). The fact that a successful match to a
payment method causes a user interface to be displayed mitigates the
disclosure risk. Implementations MAY require a user action to
initiate a payment request or they MAY rate limit the calls to the
API to prevent too many repeated calls.
Dependencies
This specification relies on several other underlying specifications.
Payment Method Identifiers
The term payment method
identifier is defined by [[!payment-method-id]]. It's an unique
identifier for a payment method.
HTML
The following are defined by [[!HTML]]: EventHandler,
queue a
task, user interaction
task source, top-level browsing
context, current settings
object, allowed to use,
triggered by
user activation, in parallel, the
iframe
element, and the allowpaymentrequest
attribute.
ECMAScript
The terms Promise, internal
slot,
RangeError, TypeError,
and JSON.stringify are
defined by [[!ECMASCRIPT]].
The term JSON-serialize applied to
a given object means to run the algorithm specified by the original
value of the JSON.stringify function on the supplied object,
passing the supplied object as the sole argument, and return the
resulting string. This can throw an exception.
Writing Promise-Using Specifications
The terms upon
fulfillment and upon rejection are defined by
[[!PROMISES-GUIDE]].
DOM
The Event interface,
The EventInit dictionary, and the
terms fire an event,
dispatch flag,
stop propagation
flag, isTrusted attribute, and
stop immediate
propagation flag are defined by [[!DOM]].
Web IDL
When this specification says to throw an error, the user agent must
throw an error as described in [[!WEBIDL]]. When this occurs in a
sub-algorithm, this results in termination of execution of the
sub-algorithm and all ancestor algorithms until one is reached that
explicitly describes procedures for catching exceptions.
The algorithm for converting an ECMAScript value to a dictionary
is defined by [[!WEBIDL]].
DOMException and the
following DOMException types from [[!WEBIDL]] are used:
"AbortError",
"InvalidStateError",
"NotAllowedError",
"NotSupportedError", and
"SecurityError".
There is only one class of product that can claim conformance to this
specification: a user agent.
Although this specification is primarily targeted at web browsers, it
is feasible that other software could also implement this specification
in a conforming manner.
User agents MAY implement algorithms given in this specification in any
way desired, so long as the end result is indistinguishable from the
result that would be obtained by the specification's algorithms.
User agents MAY impose implementation-specific limits on otherwise
unconstrained inputs, e.g., to prevent denial of service attacks, to
guard against running out of memory, or to work around
platform-specific limitations. When an input exceeds
implementation-specific limit, the user agent MUST throw, or, in the
context of a promise, reject with, a TypeError optionally
informing the developer of how a particular input exceeded an
implementation-specific limit.
