JavaScript: Difference between revisions

JavaScript uses syntax influenced by that of [[C (programming language)|C]]. JavaScript copies many names and naming conventions from [[Java (programming language)|Java]], but the two languages are otherwise unrelated and have very different semantics. The key design principles within JavaScript are taken from the [[Self (programming language)|Self]] and [[Scheme (programming language)|Scheme]] programming languages.<ref>{{cite web|title=ECMAScript Language Overview|url=http://www.ecmascript.org/es4/spec/overview.pdf|format=PDF|pages=4|date=2007-10-23|accessdate=2009-05-03}}</ref>

 

{{quote box|width = 200px|Anyway I know only one [[programming language]] worse than [[C (programming language)|C]] and that is Javascript. [...] I was convinced that we needed to build-in a programming language, but the developers, [[Tim Berners-Lee|Tim]] first, were very much opposed. It had to remain completely declarative. Maybe, but the net result is that the programming-vacuum filled itself with the most horrible [[kludge|kluge]] in the history of computing: Javascript.|[[Robert Cailliau]]<ref>[[wikinews:Wikinews:Story preparation/Interview with Robert Cailliau]]</ref>}}

 

JavaScript was originally developed in Netscape, by [[Brendan Eich]]. Battling with Microsoft over the Internet, Netscape considered their client-server solution as a distributed OS, running portable Sun's Java. Because Java was a competitor of C++ and aimed at professional programmers, Netscape also wanted a lightweight interpreted language that would complement Java by appealing to nonprofessional programmers, like Microsoft's VB.<ref>{{cite journal |last=Severance |first=Charles |year=2012 |month=February |title=Java Script: Designing a Language in 10 Days |journal=Computer |volume=45 |issue=2 |pages=7-8 |publisher=IEEE Computer Society |url=http://www.computer.org/portal/web/csdl/abs/html/mags/co/2012/02/mco2012020007.htm |accessdate=23 April 2012 }}</ref> (see [[#JavaScript and Java]])

 

In January 2009, the [[CommonJS]] project was founded with the goal of specifying a common standard library mainly for JavaScript development outside the browser.<ref>{{cite web |url=http://arstechnica.com/web/news/2009/12/commonjs-effort-sets-javascript-on-path-for-world-domination.ars |title=CommonJS effort sets JavaScript on path for world domination |author=Kris Kowal |date=1 December 2009 |work=[[Ars Technica]] |publisher=[[Condé Nast Publications]] |accessdate=18 April 2010}}</ref>

 

Today, "JavaScript" is a [[trademark]] of [[Oracle Corporation]].<ref>{{cite web|title=USPTO Copyright entry #75026640|url=http://tarr.uspto.gov/servlet/tarr?regser=serial&entry=75026640|publisher=USPTO}}</ref> It is used under license for technology invented and implemented by Netscape Communications and current entities such as the [[Mozilla Foundation]].<ref>{{cite web|title=Sun Trademarks|url=http://www.sun.com/suntrademarks/|publisher=Sun Microsystems|accessdate=2007-11-08}}</ref>

 

The following features are common to all conforming ECMAScript implementations, unless explicitly specified otherwise.

 

JavaScript supports much of the [[structured programming]] syntax from [[C (computer language)|C]] (e.g., <code>if</code> statements, <code>while</code> loops, <code>switch</code> statements, etc.). One partial exception is [[scope (computer science)|scoping]]: C-style block-level scoping is not supported (instead, JavaScript has function-level scoping). JavaScript 1.7, however, supports block-level scoping with the <code>let</code> keyword. Like C, JavaScript makes a distinction between [[Expression (programming)|expressions]] and [[Statement (programming)|statements]]. One syntactic difference from C is [[JavaScript syntax#Whitespace and semicolons|automatic semicolon insertion]], in which the semicolons that terminate statements can be omitted.{{Sfn |Flanagan|2006| p=16}}

 

; dynamic typing: As in most scripting languages, [[type system|types]] are associated with [[value (computer science)|values]], not with [[Variable (programming)|variables]]. For example, a variable <code>x</code> could be bound to a number, then later rebound to a [[string (computer science)|string]]. JavaScript supports various ways to test the type of an object, including [[duck typing]].{{Sfn |Flanagan|2006| pp=176–178}}

; object based: JavaScript is almost entirely [[object-based]]. JavaScript [[Object (computer science)|objects]] are [[associative array]]s, augmented with prototypes (see below). Object property names are string keys: <code>obj.x&nbsp;=&nbsp;10</code> and <code>obj['x']&nbsp;=&nbsp;10</code> are equivalent, the dot notation being [[syntactic sugar]]. Properties and their values can be added, changed, or deleted at run-time. Most properties of an object (and those on its prototype inheritance chain) can be enumerated using a <code>for...in</code> loop. JavaScript has a small number of built-in objects such as <code>Function</code> and <code>Date</code>.

; run-time evaluation: JavaScript includes an <code>[[eval]]</code> function that can execute statements provided as strings at run-time.

 

; first-class functions: [[Subroutine|Functions]] are [[first-class function|first-class]]; they are objects themselves. As such, they have properties and methods, such as <code>length</code> and <code>call()</code>;{{Sfn |Flanagan|2006| pp=137–139}} and they can be assigned to variables, passed as arguments, returned by other functions, and manipulated like any other object.{{Sfn |Flanagan|2006| p=134}} Any reference to a function allows it to be invoked using the <code>()</code> operator.{{Sfn |Flanagan|2006| p=81}}

; nested functions: "Inner" or "nested" functions are functions defined within another function. They are created each time the outer function is invoked. In addition to that, the [[Scope (programming)|scope]] of the outer function, including any constants, local variables and argument values, become part of the internal state of each inner function object, even after execution of the outer function concludes.{{Sfn |Flanagan|2006| p=141}}

; closures: JavaScript allows nested functions to be created, with the [[lexical scope]] in force at their definition, and has a <code>()</code> operator to invoke them now or later. This combination of code that can be executed outside the scope in which it is defined, with its own scope to use during that execution, is called a [[Closure (computer science)|closure]] in computer science.{{Sfn |Flanagan|2006| p=144}}

 

; prototypes: JavaScript uses [[prototype-based programming|prototypes]] instead of [[Class (computer science)|classes]] for [[Inheritance (computer science)|inheritance]]. It is possible to simulate many class-based features with prototypes in JavaScript.

; functions as object constructors: Functions double as object constructors along with their typical role. Prefixing a function call with <code>new</code> creates a new object and calls that function with its local <code>this</code> keyword bound to that object for that invocation. The constructor's <code>prototype</code> property determines the object used for the new object's internal prototype.<!-- this topic is a bit more complex than presented here --> JavaScript's built-in constructors, such as <code>Array</code>, also have prototypes that can be modified.

; functions as methods<!--not sure where to classify this under-->: Unlike many object-oriented languages, there is no distinction between a function definition and a [[method (computer science)|method]] definition. Rather, the distinction occurs during function calling; a function can be called as a method. When a function is called as a method of an object, the function's local <code>this</code> keyword is bound to that object for that invocation.

 

; run-time environment: JavaScript typically relies on a run-time environment (e.g. in a [[web browser]]) to provide objects and methods by which scripts can interact with "the outside world". In fact, it relies on the environment to provide the ability to include/import scripts (e.g. [[HTML]] <code><nowiki><script></nowiki></code> elements). (This is not a language feature per se, but it is common in most JavaScript implementations.)

; variadic functions<!--note: this is not a functional programming feature-->: An indefinite number of parameters can be passed to a function. The function can access them through [[formal parameter]]s and also through the local <code>arguments</code> object.

; regular expressions: JavaScript also supports [[regular expression]]s in a manner similar to [[Perl]], which provide a concise and powerful syntax for text manipulation that is more sophisticated than the built-in string functions.

 

JavaScript is officially managed by [[Mozilla Foundation]], and new language features are added periodically. However, only some non-Mozilla [[JavaScript engine]]s support these new features:

* property getter and setter functions (also supported by WebKit, Opera,<ref>Robert Nyman, [http://robertnyman.com/2009/05/28/getters-and-setters-with-javascript-code-samples-and-demos/ Getters And Setters With JavaScript – Code Samples And Demos], published 29 May 2009, accessed 2 January 2010.</ref> ActionScript, and Rhino)<ref>John Resig, [http://ejohn.org/blog/javascript-getters-and-setters/ JavaScript Getters and Setters], 18 July 2007, accessed 2 January 2010</ref>

* [[ECMAScript for XML]] (E4X), an extension that adds native XML support to ECMAScript

 

{{Main|JavaScript syntax}}

 

{{As of|2011}}, the latest version of the language is JavaScript 1.8.5. It is a superset of [[ECMAScript]] (ECMA-262) Edition 3. Extensions to the language, including partial [[ECMAScript for XML]] (E4X) (ECMA-357) support and experimental features considered for inclusion into future ECMAScript editions, are documented here.<ref>{{cite web|url=https://developer.mozilla.org/en/JavaScript/Reference/About#JavaScript_history |title=MDN - About this Reference |publisher=Developer.mozilla.org |date=2008-08-31 |accessdate=2009-05-19}}</ref>

 

A simple alert box:

<syntaxhighlight lang="javascript">

</syntaxhighlight>

 

This sample code showcases various JavaScript features.

 

</div>

 

{{See also|JavaScript engine|Ajax (programming)}}

 

Because JavaScript is the only language that the most popular browsers share support for, it has become a [[target language (computing)|target language]] for many frameworks in other languages, even though JavaScript was never intended to be such a language.<ref name="computerworld">{{cite web|last=Hamilton|first=Naomi|url=http://www.computerworld.com.au/article/255293/-z_programming_languages_javascript|title=The A-Z of Programming Languages: JavaScript|publisher=computerworld.com.au|date=2008-06-31}}</ref> Despite the performance limitations inherent to its dynamic nature, the increasing speed of JavaScript engines has made the language a surprisingly feasible compilation target.

 

 

Below is a minimal example of a standards-conforming web page containing JavaScript (using [[HTML|HTML 4.01]] syntax) and the [[Document object model|DOM]]:

</script>

<noscript>

 

Your browser either does not support JavaScript, or has JavaScript turned off.

</syntaxhighlight>

 

{{Main|Web interoperability}}

 

To support these users, web authors can try to create pages which [[Fault-tolerant system|degrade gracefully]] on user agents (browsers) which do not support the page's JavaScript. In particular, the page should remain usable albeit without the extra features that the JavaScript would have added. An alternative approach that many find preferable is to first author content using basic technologies that work in all browsers, then enhance the content for users that have JavaScript enabled. This is known as [[progressive enhancement]].

 

{{Main|Web accessibility}}

Assuming that the user has not disabled its execution, client-side web JavaScript should be written to enhance the experiences of visitors with visual or physical [[Disability|disabilities]], and certainly should avoid denying information to these visitors.{{Sfn |Flanagan|2006| pp=262–263}}

Often the process of making a complex web page as accessible as possible becomes a [[nontrivial]] problem where issues become matters of debate and opinion, and where compromises are necessary in the end. However, user agents and [[Assistive technology|assistive technologies]] are constantly evolving and new guidelines and relevant information are continually being published on the web.{{Sfn |Flanagan|2006| pp=262–263}}

 

{{seealso|Browser security}}

JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the web. Browser authors contain this risk using two restrictions. First, scripts run in a [[Sandbox (computer security)|sandbox]] in which they can only perform web-related actions, not general-purpose programming tasks like creating files. Second, scripts are constrained by the [[same origin policy]]: scripts from one web site do not have access to information such as usernames, passwords, or cookies sent to another site. Most JavaScript-related security bugs are breaches of either the same origin policy or the sandbox.

 

{{Main|Cross-site scripting|Cross-site request forgery}}

A common JavaScript-related security problem is [[cross-site scripting]], or XSS, a violation of the [[same origin policy|same-origin policy]]. XSS vulnerabilities occur when an attacker is able to cause a target web site, such as an online banking website, to include a malicious script in the webpage presented to a victim. The script in this example can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim's authorization. A solution to XSS vulnerabilities is to use ''HTML escaping'' whenever displaying untrusted data.

"JavaScript hijacking" is a type of CSRF attack in which a <script> tag on an attacker's site exploits a page on the victim's site that returns private information such as JSON or JavaScript. Possible solutions include requiring an authentication token in the POST and GET parameters for any response that returns private [[JSON]] (even if it has no side effects); using POST and never GET for requests that return private JSON; and modifying the response so that it can't be used via a <script> tag (by, for example, wrapping the JSON in a JavaScript comment).

 

Developers of client-server applications must recognize that untrusted clients may be under the control of attackers. Thus any secret embedded in JavaScript could be extracted by a determined adversary, and the application author cannot assume that his JavaScript runs as intended, or at all. Some implications:

 

* It is extremely bad practice to embed sensitive information such as passwords in JavaScript because it can be extracted by an attacker.

 

JavaScript provides an interface to a wide range of browser capabilities, some of which may have flaws such as [[buffer overflow]]s. These flaws can allow attackers to write scripts which would run any code they wish on the user's system.

 

In Windows Vista, Microsoft has attempted to contain the risks of bugs such as buffer overflows by running the Internet Explorer process with limited privileges.<ref>Mike Friedman, [http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx Protected Mode in Vista IE7]</ref> [[Google Chrome]] similarly limits page renderers in its own "sandbox".

 

Web browsers are capable of running JavaScript outside of the sandbox, with the privileges necessary to, for example, create or delete files. Of course, such privileges aren't meant to be granted to code from the web.

 

[[Microsoft Windows]] allows JavaScript source files on a computer's hard drive to be launched as general-purpose, non-sandboxed programs. This makes JavaScript (like [[VBScript]]) a theoretically viable vector for a [[Trojan horse (computing)|Trojan horse]], although JavaScript Trojan horses are uncommon in practice.<ref>For one example of a rare JavaScript Trojan Horse, see Symantec Corporation, [http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99 JS.Seeker.K]</ref> (See [[Windows Script Host]].)

 

In addition to web browsers and servers, JavaScript interpreters are embedded in a number of tools. Each of these applications provides its own [[object model]] which provides access to the host environment, with the core JavaScript language remaining mostly the same in each application.

 

* Google's [[Google Chrome|Chrome]] extensions, [[Opera]]'s extensions, Apple's [[Safari (web browser)|Safari 5]] extensions, Apple's [[Dashboard (Mac OS)|Dashboard Widgets]], Microsoft's [[Microsoft Gadgets|Gadgets]], [[Yahoo! Widgets]], [[Google Desktop#Gadgets .26 plug-ins|Google Desktop Gadgets]], and [[Serence]] [[Klipfolio]] are implemented using JavaScript.

* Adobe's [[Adobe Acrobat|Acrobat]] and Adobe Reader support JavaScript in [[Portable Document Format|PDF]] files.<ref>{{cite web|url=http://www.adobe.com/devnet/acrobat/javascript.html | accessdate=2009-08-18 | title= JavaScript for Acrobat}}</ref>

* Many [[Internet Relay Chat clients|IRC clients]], like [[ChatZilla]] or [[XChat]], use JavaScript for their scripting abilities.<ref>{{cite web|title=ChatZilla! Frequently Asked Questions - 4.5. How do I write scripts?|url=http://chatzilla.hacksrus.com/faq/#scripts|publisher=[[Hacksrus.com]]|accessdate=11 February 2011}}</ref><ref>{{cite web|title=http://unborn.ludost.net/xcdscript/|url=http://unborn.ludost.net/xcdscript/|accessdate=11 February 2011}}</ref>

 

* Microsoft's [[Active Scripting]] technology supports [[JScript]] as a scripting language.<ref name="VersionInformation">[http://msdn.microsoft.com/en-us/library/s4esdbwz(v=VS.94).aspx Version Information (JavaScript)]</ref>

* The [[Java programming language]], in version SE 6 (JDK 1.6), introduced the <code>javax.script</code> package, including a JavaScript implementation based on [[Rhino (JavaScript engine)|Mozilla Rhino]]. Thus, Java applications can host scripts that access the application's variables and objects, much like web browsers host scripts that access the browser's Document Object Model (DOM) for a webpage.<ref>{{cite web|url=http://java.sun.com/javase/6/webnotes/index.html#scripting |title=javax.script release notes |publisher=Java.sun.com |date= |accessdate=2009-05-19}}</ref>{{Sfn |Flanagan|2006| pp=214 et seq}}

* Late Night Software's [[JavaScript OSA]] (aka JavaScript for OSA, or JSOSA) is a freeware alternative to [[AppleScript]] for Mac OS X. It is based on the Mozilla 1.5 JavaScript implementation, with the addition of a <code>MacOS</code> object for interaction with the operating system and third-party applications.<ref>[[AppleScript#Open_Scripting_Architecture|Open Scripting Architecture]]</ref>

 

* [[ActionScript]], the programming language used in [[Adobe Flash]], is another implementation of the ECMAScript standard.

* The [[Mozilla]] platform, which underlies [[Firefox]], [[Mozilla Thunderbird|Thunderbird]], and some other web browsers, uses JavaScript to implement the [[graphical user interface]] (GUI) of its various products.

* [[Qt Quick]]'s markup language (QML) is using JavaScript for the application logic, and the declarative syntax is JavaScript-like. QML has been available since [[Qt (framework)|Qt]] 4.7.

 

Within JavaScript, access to a [[debugger]] becomes invaluable when developing large, non-trivial programs. Because there can be implementation differences between the various browsers (particularly within the [[Document Object Model]]), it is useful to have access to a debugger for each of the browsers that a web application targets.<ref>{{cite web|url=http://www.alistapart.com/articles/advanced-debugging-with-javascript/ |title=Advanced Debugging With JavaScript |publisher=alistapart.com |date=2009-02-03 |accessdate=2010-05-28}}</ref>

 

[http://prettydiff.com/ Pretty Diff] is an algorithmic [[diff]] tool written in JavaScript for comparing white space compressed JavaScript, and several other languages, to human readable forms of similar code.

 

{{See also|ECMAScript#Dialects|ECMAScript#Version correspondence}}

 

|}

 

 

[[JSON]], or JavaScript Object Notation, is a general-purpose data interchange format that is defined as a subset of JavaScript's literal syntax.

Mozilla browsers currently support [[LiveConnect]], a feature that allows JavaScript and Java to intercommunicate on the web. However, Mozilla-specific support for LiveConnect is scheduled to be phased out in the future in favor of passing on the LiveConnect handling via [[NPAPI]] to the Java 1.6+ plug-in (not yet supported on the Mac {{as of|March 2010|lc=y}}).<ref>[http://java.sun.com/javase/6/webnotes/6u10/plugin2/liveconnect/ Java.sun.com]</ref> Most browser inspection tools, such as [[Firebug (web development)|Firebug]] in Firefox, include JavaScript interpreters that can act on the visible page's DOM.

 

 

As JavaScript is typically the most widely supported programming language you can run within web browsers, it has become an [[intermediate language]] for other languages to target. This has included ports of existing languages, and the creation of new ones. Some of these include:

* [[Dart (programming language)|Dart]] is supported by Google, and compiles to its own native language in addition to a Javascript based one

 

A common misconception is that JavaScript is similar or closely related to [[Java (programming language)|Java]]. It is true that both have a C-like syntax, the C language being their most immediate common ancestor language. They are both object-oriented, typically sandboxed (when used inside a browser), and are widely used in client-side Web applications. In addition, JavaScript was designed with Java's syntax and standard library in mind. In particular, all Java keywords were reserved in original JavaScript, JavaScript's standard library follows Java's naming conventions, and JavaScript's Math and Date objects are based on classes from Java 1.0.<ref name="popularity"/>

{{cquote|JS had to “look like Java” only less so, [it had to] be Java’s dumb kid brother or boy-hostage sidekick. Plus, I had to be done in ten days or something worse than JS would have happened|30px||[[Brendan Eich]]<ref>{{cite web|last=Willison|first=Simon|title=A quote from Brendan Eich|url=http://simonwillison.net/2010/Oct/16/jwz/|accessdate=26 March 2011}}</ref> }}

 

 

{{Portal|Computer programming}}

* [[Ajax (programming)]] – Asynchronous JavaScript and XML (Ajax), a group of web development methods used to create interactive web applications

{{Clear}}

 

{{Reflist|colwidth=30em}}

 

{{Refbegin}}

*{{cite book |last=Bhangal |first=Sham |coauthors=Jankowski, Tomasz |title=Foundation Web Design: Essential HTML, JavaScript, CSS, PhotoShop, Fireworks, and Flash |year=2003 |publisher=APress L. P. |isbn=1-59059-152-6}}

{{Refend}}

 

{{Spoken Wikipedia|En-JavaScript.ogg|2011-11-01}}

{{Wikibooks|JavaScript}}

{{Wikiversity|Topic:JavaScript}}

* [http://code.google.com/edu/submissions/html-css-javascript/ Google's Video tutorials on JS]

* [http://yuiblog.com/crockford/ Douglas Crockford's video lectures on JavaScript]