Dealing with == and ===

false == 0 or "" == 0 return true.

always use the === and !==

operators that check both the values and the type of the expressions you compare:

var zero = 0;

if (zero === false) {

    // not executing because zero is 0, not false

}

// antipattern

if (zero == false) {

    // this block is executed...

}   

Avoiding eval()

// antipattern

var property = "name";

alert(eval("obj." + property));

// preferred

var property = "name";

alert(obj[property]);

Security implications (e.g. JSON response from an Ajax request)

1. For browsers that don't support JSON.parse() natively, you can use a library from JSON.org.

2. passing strings to setInterval(), setTimeout(), and the Function() constructor is, for the most part, similar to using eval()and therefore should be avoided.

// antipatterns

setTimeout("myFunc()", 1000);

setTimeout("myFunc(1, 2, 3)", 1000);

// preferred

setTimeout(myFunc, 1000);

setTimeout(function () {

    myFunc(1, 2, 3);

}, 1000);   

3. Using the new Function() constructor is similar to eval() and should be approached with care.

    1. If you absolutely must use eval(), you can consider using new Function() instead.
      Because the code evaluated in new Function() will be running in a local function scope, so any variables defined with var in the code being evaluated will not become globals automatically.
    2. Or wrap the eval() call into an immediate function. 
      console.log(typeof un); // "undefined"

console.log(typeof deux); // "undefined"

console.log(typeof trois); // "undefined"

var jsstring = "var un = 1; console.log(un);";

eval(jsstring); // logs "1"

jsstring = "var deux = 2; console.log(deux);";

new Function(jsstring)(); // logs "2"

jsstring = "var trois = 3; console.log(trois);";

(function () {

    eval(jsstring);

}()); // logs "3"

console.log(typeof un); // "number"

console.log(typeof deux); // "undefined"

console.log(typeof trois); // "undefined"
    3. No matter where you execute Function, it sees only the global scope. So it can do less local variable pollution. 
       (function () {

    var local = 1;

    eval("local = 3; console.log(local)"); // logs 3

    console.log(local); // logs 3

}());

(function () {

    var local = 1;

    Function("console.log(typeof local);")(); // logs undefined

}());

JavaScript Patterns 2.7 Avoiding Implied Typecasting的更多相关文章

  1. JavaScript Patterns 7.1 Singleton

    7.1 Singleton The idea of the singleton pattern is to have only one instance of a specific class. Th ...

  2. JavaScript Patterns 6.7 Borrowing Methods

    Scenario You want to use just the methods you like, without inheriting all the other methods that yo ...

  3. JavaScript Patterns 6.6 Mix-ins

    Loop through arguments and copy every property of every object passed to the function. And the resul ...

  4. JavaScript Patterns 6.5 Inheritance by Copying Properties

    Shallow copy pattern function extend(parent, child) { var i; child = child || {}; for (i in parent) ...

  5. JavaScript Patterns 6.4 Prototypal Inheritance

    No classes involved; Objects inherit from other objects. Use an empty temporary constructor function ...

  6. JavaScript Patterns 6.3 Klass

    Commonalities • There’s a convention on how to name a method, which is to be considered the construc ...

  7. JavaScript Patterns 6.2 Expected Outcome When Using Classical Inheritance

    // the parent constructor function Parent(name) { this.name = name || 'Adam'; } // adding functional ...

  8. JavaScript Patterns 6.1 Classical Versus Modern Inheritance Patterns

    In Java you could do something like: Person adam = new Person(); In JavaScript you would do: var ada ...

  9. JavaScript Patterns 5.9 method() Method

    Advantage Avoid re-created instance method to this inside of the constructor. method() implementatio ...

随机推荐

  1. java内存组成

     java内存组成介绍:堆(Heap)和非堆(Non-heap)内存 按照官方的说法:“Java 虚拟机具有一个堆,堆是运行时数据区域,所有类实例和数组的内存均从此处分配.堆是在 Java 虚拟机启动 ...

  2. 输入一个链表,按链表值从尾到头的顺序返回一个ArrayList

    package algorithms; import java.util.ArrayList; import java.util.Stack; /** * public class ListNode ...

  3. 这段代码很Pythonic | 相见恨晚的 itertools 库

    前言 最近事情不是很多,想写一些技术文章分享给大家,同时也对自己一段时间来碎片化接受的知识进行一下梳理,所谓写清楚才能说清楚,说清楚才能想清楚,就是这个道理了. 很多人都致力于把Python代码写得更 ...

  4. Spring Boot 2.0的属性绑定

    Spring Boot2.0的属性绑定 原文从Spring boot第一个版本以来,我们可以使用@ConfigurationProperties注解将属性绑定到对象.也可以指定属性的各种不同格式.比如 ...

  5. 前端安全 xss

    整体的 XSS 防范是非常复杂和繁琐的,不仅需要在全部需要转义的位置,对数据进行对应的转义.而且要防止多余和错误的转义,避免正常的用户输入出现乱码. 虽然很难通过技术手段完全避免 XSS,但可以总结以 ...

  6. 重置默认样式 css reset

    html { overflow-x:auto; overflow-y:scroll; } body, dl, dt, dd, ul, ol, li, pre, form, fieldset, inpu ...

  7. js的title提示

    $(function() { //先在页面创建一个层 var jqtip = $("<div id='jqtip20130719'" + "style='paddi ...

  8. CentOS7安装Nginx及其相关

    一.安装所需环境 gcc 安装 安装 nginx 需要先将官网下载的源码进行编译,编译依赖 gcc 环境,如果没有 gcc 环境,则需要安装. yum install gcc-c++ PCRE pcr ...

  9. Sturts2中Action的搜索顺序

    http://localhost:8080/ProjectName/path1/path2/path3/XX.action 首先会判断以/path1/paht2/path3为namespace的pac ...

  10. java 十五周总结