I have been dabbling around with javascript for fun. I keep wondering why there are some people that do not like javascript because it can be easily abused or badly written. Then there are some people that love javascript because it is a powerful language and very useful for various purposes.
I think that people who haven't used a framework like jQuery or MooTools will hate JavaScript because it's so difficult to write well, debug, and get working across all popular browsers.
I know this because that's exactly how I felt before I discovered jQuery--now JavaScript is a pleasure to write.
Javascript can be used for cross-site scripting attacks, which inject malicious code into a website. See this Wikipedia Article
Douglas Crockford has a series of lectures that point you at the good parts of JavaScript and what to stay away from:
So some things that make JavaScript a good language include:
- It's strongly influenced by Lisp and has closures and other first class function goodness.
- It has literal object and list notation, making it very easy to specify data structures declaratively.
- It is available in basically every browser without any kind of plug-in.
- Duck typing.
- Prototypical inheritance.
Some of the bad things include:
- Optional semi-colons for statement termination which leads to hard to find bugs.
- Automatic type coercion that leads to hard to find bugs.
- A single global namespace shared by all of the scripts running for a page which can make reuse and maintenance a nightmare.
- Automatically creating/effecting names in the singular global namespace when local variables are improperly declared.
- A screwy way to use prototypical inheritance which can lead to weird bugs when you forget to use `new`.
- Incompatibilities among the leading implementations.
... but there are patterns that can help with the namespace issues, there are compilers that will help you avoid some of the bug-encouraging stuff and frameworks that will help you avoid the incompatible stuff.
With care, you can stick to the parts of JavaScript that make it a powerful and pleasurable language.
Javascript per se is not dangerous. In fact, it is relatively 'safe' as far as languages go. You cannot trash someone's computer with it, you will have trouble even locking up a computer.
However, javascript is also a continual source of security woes. This is not (usually) because javascript developers write bad code, but because of subtle bugs in the browsers that run the code.
Generally, javascript is about as safe as programming gets, and it can make all the difference to almost any website. Don't worry about your javascript code being dangerous (unless, of course, you want it to be ;-).
From the perspective of a web author:
If a third party can inject JavaScript into your site, they can make the user's browser do anything the user can do. This includes spamming the site, sending usernames / passwords / credit card details to a third party and leaving the site to go and look at porn.
From the perspective of an end user:
There are a few trivial annoyances that JavaScript can do (such as setting up an endless loop of window.alert messages which jam up the browser). Happily, I don't run across them so much in these post-Geocities days.
A large proportion of security vulnerabilities in browsers have been related to the JS engines. As an attack vector for introducing viruses, JavaScript exploits have been quite popular. (These are faults with the browser, not with JS itself).
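The script-injection risk raised in the answers above (a third party getting JavaScript into your page) comes down to untrusted text being written into markup unencoded. The following is an added example, not code from any of the answers; the function names and sample comments are constructed for illustration. It shows the vulnerable concatenation beside the output-encoded form.

```javascript
// Added example: all names and sample data are constructed for illustration.

// Characters that let text break out of an HTML text node or quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text for an HTML text node or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user-controlled strings are concatenated straight into markup.
function renderCommentUnsafe(author, body) {
  return '<div class="comment"><b>' + author + "</b>: " + body + "</div>";
}

// Hardened: every untrusted value is encoded at the point of output.
function renderCommentSafe(author, body) {
  return (
    '<div class="comment"><b>' + escapeHtml(author) + "</b>: " +
    escapeHtml(body) + "</div>"
  );
}

// Demo-only check: does the output contain any tag other than the
// template's own <div> and <b>? (Not a sanitizer, just a test oracle.)
function containsInjectedMarkup(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  const allowed = ["<div", "</div", "<b", "</b"];
  return tags.some((t) => !allowed.includes(t.toLowerCase()));
}

// Constructed sample input: one ordinary comment, one carrying markup.
const samples = [
  { author: "alice", body: "Closures & prototypes are neat" },
  { author: "mallory", body: '<img src=x onerror="alert(1)">' },
];

for (const s of samples) {
  console.log("unsafe:", renderCommentUnsafe(s.author, s.body));
  console.log("safe:  ", renderCommentSafe(s.author, s.body));
}
```

This encoding is only correct for HTML text and quoted attribute values; untrusted data placed inside a script block, a URL, or CSS needs the encoding for that context instead.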