Carousel objects access with XMLHttpRequest

Support in HbbTV

Available since: HbbTV 1.0 (ETSI TS 102 796 V1.1.1)

In order to access the content of a carousel file, the XMLHttpRequest object can be used with the following constraints:

Parameters passed to the open() method:
method: Shall be set to “GET”.
url: Can be relative (to the location of the current page in the carousel’s file system) or an absolute dvb:
async: shall be set to true.
user and password: Ignored.
status: Set to 200 when the DSM-CC object is found and to 404 if it cannot be accessed – e.g. the object is not present in the carousel or if the carousel has been unmounted (due to another request).
statusText: implementation dependent.
Headers are not relevant for carousel access:
Calls to setRequestHeader() are ignored.
getResponseHeader() shall return null and getAllResponseHeaders() shall return an empty string.
Values of the responseText and responseXML properties are shown in Table 10.

Table 10: Values of the responseText and responseXML properties

DSM-CC object	URL example	responseText	responseXML
File	/weather/data.xml	Returns the “text response entity body” as defined in XMLHTTPRequest.	If the file has the extension “.xml”, returns the “XML response entity body” as defined in XMLHTTPRequest. Otherwise, returns null.
Directory	/weather	Comma-separated list of names (File name, Stream Event name or Directory name) of all objects in the directory. These names shall not include path information.	null
Stream Event	/weather/main/streamEvt1	Comma-separated list of names of all events in the Stream Event object.	null

Examples of dvb: URLs that may be used with the XMLHttpRequest object are:

/weather/data.xml(absolute path from the root of the carousel of the current page)

../weather/data.xml (relative path to the current page)

dvb://1..1.B8/weather/data.xml (0xB8 is the component tag)

Application developers should be aware that in some circumstances an attacker may be able to modify the broadcast signal carrying a carousel file. Applications should be written to be tolerant of incorrectly formatted data or values which are outside the expected range without hanging up, locking up or crashing.

Application developers should be aware that if a broadband-delivered application uses data from a carousel in a way that would result in it being executed by the browser, then the level of security of that application is then only as secure as the carousel delivery mechanism. Broadband-delivered applications should avoid such use unless the protection mechanism described in clause 9 of ETSI TS 102 809 [3] is in use.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Application Management APIs

Carousel objects access with XMLHttpRequest

Application Management APIs