Kevin Reuter & Brian Guthrie


2 Dec 2013




Multi-paradigm
Prototype-based objects
Dynamic, weak typing



1995
Originally developed for Netscape as 'Mocha' by Brendan Eich
Renamed to LiveScript when it was first included in Navigator
Renamed again to JavaScript
The final renaming coincided with Navigator adding support for Java; confusion ensued

1996
Microsoft includes JScript in IE 3
Netscape submits JS to ECMA for standards consideration
Standard (ECMA-262) adopted in 1997



ECMAScript dialects and implementations:
JavaScript
JScript
JScript .NET
ECMAScript
ActionScript
QtScript
Objective-J
WMLScript


Primitive Datatypes
String: 'single quote' "and double quote"
Boolean: true, false
Number: 1, 2.0 (there is no separate integer type)

Special Types
null and undefined: two distinct primitive values
NaN and Infinity: special Number values (NaN is the only value that is not equal to itself)


Pros:
C-style syntax
Style is not subjective

Cons:
Nested functions
Dynamically typed variables
Minimal variable naming rules


Pros:
Semicolon insertion
Dynamically typed variables

Cons:
Semicolon insertion
Style is not subjective



Pros:
Most browsers have built-in debugging consoles

Cons:
Dynamically typed variables
Scripts are run in the client browser
Web applications that rely on it are exposed to client-side attacks (XSS, CSRF)
Inclusion in web pages can cause text-to-speech and magnification (accessibility) features to fail


Pros:
Scripts are run in the client browser
C-based syntax is commonly known

Cons:
Many different variations
Every browser family has its own version
May have to write separate code for each
Prototype-based languages are uncommon
Borrows from Scheme (first-class functions, closures) and Self (prototype-based objects), which most programmers have not used


Cons:
Uninitialised variables and missing properties evaluate to undefined, not null
All numbers are IEEE 754 double-precision floats, so most decimal fractions are not exactly representable:
.2 + .1 = 0.30000000000000004
So .2 + .1 != .3
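An added example (not from the original slides) showing why .2 + .1 is not .3 under IEEE 754 and two ways practitioners work around it: a magnitude-scaled tolerance for comparisons, and integer minor-unit (cent) arithmetic for money, where a wrong rounding is a real bug. The helper names (nearlyEqual, toCents, addAmounts, isExactInteger) are mine, not anything the slides define.

```javascript
// Added example, not part of the original slides.
// Every JS number is an IEEE 754 binary64 double, so 0.1 and 0.2 are stored as the
// nearest representable binary fractions and their sum is not the double nearest 0.3.
function naiveSum(a, b) {
  return a + b; // naiveSum(0.1, 0.2) is 0.30000000000000004, not 0.3
}

// Compare with a tolerance scaled to the operands' magnitude instead of ===.
// Number.EPSILON is the gap between 1 and the next representable double.
function nearlyEqual(a, b, relTol = Number.EPSILON * 4) {
  const diff = Math.abs(a - b);
  const scale = Math.max(Math.abs(a), Math.abs(b), 1);
  return diff <= relTol * scale;
}

// For money, avoid binary fractions entirely: parse decimal strings into integer
// cents. Integers up to Number.MAX_SAFE_INTEGER (2^53 - 1) are represented exactly.
function toCents(amountString) {
  const m = /^(-?)(\d+)(?:\.(\d{1,2}))?$/.exec(amountString);
  if (!m) throw new TypeError(`not a decimal amount: ${amountString}`);
  const sign = m[1] === '-' ? -1 : 1;
  const whole = Number(m[2]);
  const frac = Number((m[3] || '0').padEnd(2, '0')); // "5" means 50 cents
  return sign * (whole * 100 + frac);
}

// Add two decimal amounts exactly and format the result back as a decimal string.
function addAmounts(a, b) {
  const cents = toCents(a) + toCents(b);
  const sign = cents < 0 ? '-' : '';
  const abs = Math.abs(cents);
  return `${sign}${Math.floor(abs / 100)}.${String(abs % 100).padStart(2, '0')}`;
}

// Large integers lose precision too once they exceed 2^53.
function isExactInteger(n) {
  return Number.isSafeInteger(n);
}

// Usage:
// naiveSum(0.1, 0.2) === 0.3            -> false
// nearlyEqual(naiveSum(0.1, 0.2), 0.3)  -> true
// addAmounts('19.99', '0.01')           -> '20.00'
// isExactInteger(2 ** 53)               -> false
```

The tolerance check is appropriate for measurements and ratios; for anything that will be audited (prices, balances, fees) the integer representation is the only one that round-trips exactly.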


Strings can be single or double quoted:
var greeting = "Hello, world!";
var greeting = 'Hello, world!';


Many vendor-specific variations
Semicolon insertion
with (…) {}
Seriously?
"\t\r\n " == 0
0 == '0'
'0' == false
false != 'false'
Each of the first three loose comparisons is true, yet the chain does not hold end to end: == is not transitive
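An added example (not from the original slides) covering two of the quirks listed above: automatic semicolon insertion silently changing what a function returns, and the loose-equality coercions in the comparison chain, next to the strict comparison that avoids them. The functions and the isAdmin request-parameter check are my own illustration, not code from the slides.

```javascript
// Added example, not part of the original slides.

// Automatic semicolon insertion: a line break after `return` becomes `return;`,
// so the object literal on the next line is never returned.
function brokenConfig() {
  return
  {
    debug: true
  }
}

// Keeping the opening brace on the `return` line gives the intended value.
function fixedConfig() {
  return {
    debug: true
  };
}

// Loose equality (==) converts operands before comparing. The pairs below are
// the chain from the slide; the first three are == and the last is not, so ==
// is not transitive.
const LOOSE_PAIRS = [
  ["\t\r\n ", 0],   // whitespace-only string converts to Number("") which is 0
  [0, '0'],         // '0' converts to 0
  ['0', false],     // false converts to 0, '0' converts to 0
  [false, 'false'], // 'false' converts to NaN, which equals nothing
];

function looseResults() {
  return LOOSE_PAIRS.map(([a, b]) => a == b);   // [true, true, true, false]
}

// Strict equality (===) never coerces: different types are simply unequal.
function strictResults() {
  return LOOSE_PAIRS.map(([a, b]) => a === b);  // [false, false, false, false]
}

// A typical bug: a query or form parameter always arrives as a string. A loose
// comparison against a boolean accepts '1' but rejects 'true', so the check
// behaves differently depending on how the client encoded the value.
function isAdminLoose(param) {
  return param == true;        // '1' == true -> true; 'true' == true -> false
}

// Compare against the exact string the protocol defines instead.
function isAdminStrict(param) {
  return param === 'true';
}
```

The ASI case is the reason style guides insist on the brace following `return` on the same line; the coercion cases are the reason linters flag `==` and `!=` outside of the deliberate `x == null` idiom.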


JSON
Serialization format based on JS object-literal shorthand
Used as an alternative to XML
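Because JSON is a subset of JavaScript's object-literal syntax, early code often parsed it with eval(), which executes whatever the response contains. An added example (not from the original slides) contrasts that with JSON.parse, which only builds data and rejects anything that is not JSON, and adds the shape validation that parsing alone does not give you. The payload strings are constructed for the example; the function names are my own.

```javascript
// Added example, not part of the original slides.

// Constructed sample payloads (not real traffic). The second one is valid
// JavaScript but not valid JSON: a comma expression with a side effect.
const BENIGN = '{"user":"alice","roles":["viewer"],"active":true}';
const HOSTILE =
  '{"user":"mallory","roles":["admin"]}, (globalThis.pwned = true), {"user":"mallory","roles":["admin"]}';

// The historical, unsafe way: wrap in parentheses and eval. Any JavaScript in
// the response runs with the page's privileges.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// JSON.parse accepts only the JSON grammar; anything else throws SyntaxError.
function jsonParseAccepts(text) {
  try {
    JSON.parse(text);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Parsing proves the text was JSON, not that it has the shape the code expects.
// Validate the fields you rely on and copy only those into a fresh object.
function parseUserRecord(text) {
  const obj = JSON.parse(text);
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    throw new TypeError('expected a JSON object');
  }
  if (typeof obj.user !== 'string') {
    throw new TypeError('user must be a string');
  }
  if (!Array.isArray(obj.roles) || !obj.roles.every((r) => typeof r === 'string')) {
    throw new TypeError('roles must be an array of strings');
  }
  return { user: obj.user, roles: obj.roles.slice(), active: obj.active === true };
}

// Usage:
// jsonParseAccepts(BENIGN)   -> true
// jsonParseAccepts(HOSTILE)  -> false (SyntaxError)
// parseWithEval(HOSTILE)     -> returns the last object AND sets globalThis.pwned
```

The same rule applies in reverse: build responses with JSON.stringify rather than string concatenation, so a user-supplied value cannot close the literal early.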



Cross-site vulnerabilities
Insertion of malicious JavaScript into a site (XSS)

Misplaced trust in the client browser
No reliable way to hide code from clients
Scripts can be disabled, so JS can't be used to prevent certain actions; any check that matters must be repeated on the server
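An added example (not from the original slides) of the XSS case: a server-side template that echoes a search term into HTML, the same template with output encoding, and a second template that inserts the term into an inline script, where HTML encoding is the wrong tool and a JSON string literal is the right one. The payload strings are constructed for the example and do not target any real site; the function names are mine.

```javascript
// Added example, not part of the original slides.

// Hypothetical handler that reflects a query parameter into the page body.
function renderSearchVulnerable(term) {
  return `<p>Results for: ${term}</p>`;           // raw insertion into an HTML text node
}

// Encode the five characters that let data break out of a text node or a
// double- or single-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSearchFixed(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Constructed attacker input: an element whose error handler runs script.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Crude check used only to show the difference between the two renderings.
function containsInjectedTag(html) {
  return /<img\b[^>]*onerror=/i.test(html);
}

// Encoding is context-specific. Inside an inline <script>, entities are not
// decoded, so an attacker instead closes the string and the script element.
const SCRIPT_PAYLOAD = '";</script><script>alert(1)//';

function renderScriptVulnerable(term) {
  return `<script>var q = "${term}";</script>`;
}

// Serialize as a JSON string literal and escape '<' so the text "</script>"
// can never appear inside the literal.
function toJsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/</g, '\\u003c');
}

function renderScriptFixed(term) {
  return `<script>var q = ${toJsStringLiteral(term)};</script>`;
}

// The only "</script>" in a correct rendering is the one the template wrote at the end.
function breaksOutOfScript(html) {
  const close = '</script>';
  return html.indexOf(close) !== html.length - close.length;
}

// Usage:
// containsInjectedTag(renderSearchVulnerable(PAYLOAD))      -> true
// containsInjectedTag(renderSearchFixed(PAYLOAD))           -> false
// breaksOutOfScript(renderScriptVulnerable(SCRIPT_PAYLOAD)) -> true
// breaksOutOfScript(renderScriptFixed(SCRIPT_PAYLOAD))      -> false
```

The fix is always encoding for the context the value lands in (HTML body, attribute, script, URL), applied at output time; filtering input on the client does not help, since the client can be bypassed or have scripts disabled, as the slide notes.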


Browser and plugin coding errors
Coding errors in plugins can allow for things like buffer overflows

Sandbox implementation errors
A browser can unintentionally allow JS to run outside of its sandbox
Windows allows JS to be run as a non-sandboxed, general-purpose program (via Windows Script Host)




The Internet: just turn off JS in your web browser and watch the web stop working.



Many other programming languages have
libraries for manipulating JSON.



"JS had to 'look like Java' only less so, be Java's dumb kid brother or boy-hostage sidekick. Plus, I had to be done in ten days or something worse than JS would have happened"
- Brendan Eich



"The problem with JavaScript isn't just that it allows them (global variables), it requires them."
- Douglas Crockford



"All JavaScript implementations are broken. Some more broken than others [...]. They're all broken in different ways."
- Bob Ippolito



Sources:
http://en.wikipedia.org/wiki/JavaScript
http://en.wikipedia.org/wiki/Client-side_JavaScript
http://en.wikipedia.org/wiki/Json
http://www.json.org/
http://www.json.org/example.html
http://en.wikipedia.org/wiki/ECMAScript
https://developer.mozilla.org/en/JavaScript_technologies_overview
http://www.netmagazine.com/opinions/too-much-javascript
http://bob.pythonmac.org/archives/2005/07/18/javascript-sucks-volume-2/
http://yuiblog.com/blog/2006/04/11/with-statement-considered-harmful/
http://javascriptmascot.com/