views: 357

answers: 6
Hi All,

I am wondering if it is a good idea to rely on frameworks like jQuery/mootools or should we just use plain JavaScript?

Apart from avoiding the re-invention of the wheel, do they add any specific value?

Since the frameworks are open to the public, can there be a possibility of exploitation of any security holes that might appear (of course, unintentionally :) ) in the frameworks?

Are there any other points that are to be considered when choosing a framework or otherwise?

Thanks

+6  A: 

Do not downplay the importance of avoiding the re-invention of the wheel. You don't invent a new computer each time you want to write a new program.

But apart from that, JavaScript libraries provide better cross-browser support. This is extremely helpful, as a quick look at QuirksMode will demonstrate.

JS frameworks make many things easier. Look at the jQuery documentation and you will see how easy it is to do many fancy things.

JS frameworks have been extended by many people, so there are many high quality jQuery plugins (for example — it's the framework I know the best) that you can use without having to write them yourself.

It is unlikely that JS frameworks would introduce security holes, as they don't expose any more functionality than what you can do with plain JS.

David Johnstone
I agree with your point about "re-inventing the wheel". I know how difficult handling cross-browser issues is.
Amit Dugar
+16  A: 
  1. Frameworks solve cross-browser bugs which normally would cost hours of your time, so you can focus on functionality instead of worrying about some edge case browser bug. Instead of wasting 4-5 hours solving a bug, spend that time with your family.

  2. Frameworks such as jQuery are pretty loaded with stuff like animation, selectors, HTML manipulation, so there's usually some sort of functionality already built into the library, again saving you more time, and the API makes it really easy to actually accomplish complex things.

  3. Interpreters and browsers are only getting faster and faster so I don't particularly think it's a huge issue loading an entire library up. In addition, thanks to Google et al we get very fast CDNs and nowadays lots of sites are using the same exact URI to pull the script in, meaning there's a higher rate of the script getting cached and reused on another site.

  4. Instead of every single web developer having their own library it's much more efficient having thousands of people concentrated to bettering a handful of libraries so cross-browser bugs get documented and fixed.

  5. Competition is a good thing, the result of the slickspeed tests resulted in much faster selector engines such as Sizzle. Developers not having to worry about trivial DOM bugs means more complex libraries are created daily, which means entry-level developers have access to very powerful plugins.

As far as security, jQuery for example will detect if the browser is capable of parsing JSON natively and if so, rely on that. Usually any modern browser will have this, and it's much safer than eval... so jQuery strives to use the safer and more secure methods first. It will only use eval if there isn't a JSON.parse method available.

An important thing to remember in jQuery though is remembering you're still coding in JavaScript. Usually people get too caught up in the sugar coated methods and wrapping everything in $, I think it's important to know you can still do this.href instead of $(this).attr('href') if you would like an absolutely normalized URI for example.

meder
Wow! Thanks for this amazing round-up!
Amit Dugar
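The difference between the eval fallback and native JSON.parse that the answer above describes, as an added example that is not part of the original answer and is not jQuery's code. The function names and both sample responses are constructed for illustration.

```javascript
// Added example: an eval-based JSON fallback next to the native parser.
// parseWithEval and safeParse are hypothetical names, not jQuery functions.

// Legacy-style fallback: treats the response text as JavaScript source.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Native path: accepts only the JSON grammar and never executes anything.
// If no native parser exists, fail closed rather than fall back to eval.
function safeParse(text) {
  if (typeof JSON !== 'object' || typeof JSON.parse !== 'function') {
    throw new Error('no native JSON parser; refusing to eval untrusted text');
  }
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample responses.
const benign = '{"user": "alice", "roles": ["reader"]}';
// Looks like an object, but the value is an expression with a side effect.
const notJson = '{"user": (globalThis.sideEffectRan = true, "alice")}';

function demo() {
  globalThis.sideEffectRan = false;
  const viaEval = parseWithEval(notJson);   // the embedded expression runs
  const evalRan = globalThis.sideEffectRan;

  globalThis.sideEffectRan = false;
  const viaNative = safeParse(notJson);     // rejected as a syntax error
  return {
    evalUser: viaEval.user,
    evalRan: evalRan,
    nativeOk: viaNative.ok,
    nativeError: viaNative.error,
    nativeRan: globalThis.sideEffectRan,
    benignUser: safeParse(benign).value.user,
  };
}

console.log(demo());
```
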
+1  A: 

Depends on what you're using JS for. If you want to be able to show and hide panels, animate stuff, attach events to multiple elements, do ajax etc then you need to consider x-browser issues.

jQuery eliminates the need to think about x-browser issues and allows some really neat functionality like the above and also modal dialogs etc.

So it depends on what you want from JS.

griegs
+1  A: 

I have never used mootools so can't comment on that but jQuery makes a lot of things easier.

  • Selecting collections of objects by class, name, partial ID, etc.
  • Simplify ajax calls.
  • Wire up event handlers to handle onclick, mouseover, mouseout, etc. and assign to elements based upon general selectors so that the logic can be reused.
  • Tons of transitions and other visual stuff to pretty up the front end.

There are a lot more but it generally simplifies/accelerates development. One thing to watch out for is if you are using a ton of selectors in a single function (loop that iterates over the DOM 40+ times) it is waaay more efficient to use vanilla JavaScript.

So my advice would be to code the front end with the aid of a framework and then optimize the underperforming parts by subbing in vanilla JavaScript.

Also I don't see how jQuery or mootools could be a security threat as they are client side frameworks not server side. Remember to always validate inputs on the server side in addition to any client side validation and to properly parameterize SQL queries that are constructed server side.

antonlavey
Handling DOM in plain JS can sometimes really be a big pain but as you said, it has its own merits. I prefer using plain JS where I can to avoid unnecessary looping through DOM. Thanks for answering :)
Amit Dugar
+1  A: 

The frameworks provide a cross-browser API for JavaScript, so most of the time they are very useful even though they come with a little speed loss. But the JS engines get faster with almost every update so that's not really a problem. There are also very many plugins for the frameworks so they not only provide an API but also new cross-browser features. But it depends on what you wanna do.

alopix
+1  A: 

I don't give great weight to the "Open Source is extra-vulnerable to security issues" argument. I see benefit of many Good Guys reading the code and spotting such problems. If this were an issue then we'd need to discard Linux, Apache, MySQL, and most of the Java libraries.

Frameworks generally save a very great deal of effort, I see them precisely as a pre-invented wheel. They don't need any other value.

djna