JavaScript Patterns 2.7 Avoiding Implied Typecasting
Dealing with == and ===
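JavaScript implicitly typecasts variables when you compare them with ==, which is why comparisons such as false == 0 or "" == 0 return true.
To avoid confusion caused by implied typecasting, always use the === and !== operators, which check both the values and the type of the expressions you compare: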
var zero = 0;
if (zero === false) {
    // not executing because zero is 0, not false
}

// antipattern
if (zero == false) {
    // this block is executed...
}
Avoiding eval()
// antipattern
var property = "name";
alert(eval("obj." + property));

// preferred
var property = "name";
alert(obj[property]);
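Security implications: eval() executes whatever string it is given, so it should not be used on data that arrives from outside the page (e.g. a JSON response from an Ajax request); parse such a response with JSON.parse() instead.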
1. For browsers that don't support JSON.parse() natively, you can use a library from JSON.org.
2. Passing strings to setInterval(), setTimeout(), and the Function() constructor is, for the most part, similar to using eval() and therefore should be avoided.
// antipatterns
setTimeout("myFunc()", 1000);
setTimeout("myFunc(1, 2, 3)", 1000);

// preferred
setTimeout(myFunc, 1000);
setTimeout(function () {
    myFunc(1, 2, 3);
}, 1000);
3. Using the new Function() constructor is similar to eval() and should be approached with care.
- If you absolutely must use eval(), you can consider using new Function() instead. The code evaluated in new Function() runs in a local function scope, so any variables defined with var in the code being evaluated will not become globals automatically.
- Or wrap the eval() call in an immediate function.
console.log(typeof un); // "undefined"
console.log(typeof deux); // "undefined"
console.log(typeof trois); // "undefined"

var jsstring = "var un = 1; console.log(un);";
eval(jsstring); // logs "1"

jsstring = "var deux = 2; console.log(deux);";
new Function(jsstring)(); // logs "2"

jsstring = "var trois = 3; console.log(trois);";
(function () {
    eval(jsstring);
}()); // logs "3"

console.log(typeof un); // "number"
console.log(typeof deux); // "undefined"
console.log(typeof trois); // "undefined"
- No matter where you execute Function, it sees only the global scope, so it causes less local variable pollution.
(function () {
    var local = 1;
    eval("local = 3; console.log(local)"); // logs 3
    console.log(local); // logs 3
}());

(function () {
    var local = 1;
    Function("console.log(typeof local);")(); // logs undefined
}());
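The JSON-response case mentioned under the security implications above, as an added example (not from the book or the original notes): it parses the same tampered response with eval() and with JSON.parse() and reports whether embedded code ran. The response bodies, function names and the sideEffects array are constructed for illustration.

```javascript
// Constructed sample responses (not real traffic).
var cleanBody = '{"user": "alice", "admin": false}';
// The same payload after tampering: it still evaluates to an object, but it
// is no longer JSON because one value is a function call with a side effect.
var tamperedBody = '{"user": "alice", "admin": ' +
    '(function () { sideEffects.push("ran"); return true; }())}';

var sideEffects = []; // records any code that ran while "parsing"

// Antipattern: eval() treats the response body as a program.
function parseWithEval(body) {
    return eval("(" + body + ")");
}

// Preferred: JSON.parse() accepts data only and throws on anything else.
function parseWithJSON(body) {
    try {
        return { ok: true, data: JSON.parse(body) };
    } catch (e) {
        return { ok: false, error: e.name };
    }
}

function demo() {
    sideEffects.length = 0;
    var viaEval = parseWithEval(tamperedBody);
    var ranUnderEval = sideEffects.length;
    var viaJSON = parseWithJSON(tamperedBody);
    return {
        evalAdmin: viaEval.admin,                             // true
        codeRanUnderEval: ranUnderEval,                       // 1
        jsonAccepted: viaJSON.ok,                             // false
        jsonError: viaJSON.error,                             // "SyntaxError"
        codeRanUnderJSON: sideEffects.length - ranUnderEval,  // 0
        cleanStillParses: parseWithJSON(cleanBody).data.user  // "alice"
    };
}

console.log(demo());
```

A rejected body should be treated as a failed request and logged, not retried through eval().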