zoukankan      html  css  js  c++  java
  • JavaScript Patterns 2.7 Avoiding Implied Typecasting

    Dealing with == and ===

    false == 0 or "" == 0 return true.

    always use the === and !==

    operators that check both the values and the type of the expressions you compare:

    var zero = 0;
    if (zero === false) {
        // not executing because zero is 0, not false
    }
    
    // antipattern
    if (zero == false) {
        // this block is executed...
    }   

    Avoiding eval()

    // antipattern
    var property = "name"; alert(eval("obj." + property)); // preferred
    var property = "name"; alert(obj[property]);

    Security implications (e.g. JSON response from an Ajax request)

    1. For browsers that don't support JSON.parse() natively, you can use a library from JSON.org.

    2. passing strings to setInterval(), setTimeout(), and the Function() constructor is, for the most part, similar to using eval()and therefore should be avoided.

    // antipatterns
    
    setTimeout("myFunc()", 1000);
    setTimeout("myFunc(1, 2, 3)", 1000);
    
    // preferred
    
    setTimeout(myFunc, 1000);
    setTimeout(function () {
        myFunc(1, 2, 3);
    }, 1000);   

    3. Using the new Function() constructor is similar to eval() and should be approached with care.

      1. If you absolutely must use eval(), you can consider using new Function() instead.
        Because the code evaluated in new Function() will be running in a local function scope, so any variables defined with var in the code being evaluated will not become globals automatically.
      2. Or wrap the eval() call into an immediate function.
        console.log(typeof un); // "undefined"
        
        console.log(typeof deux); // "undefined"
        
        console.log(typeof trois); // "undefined"
        
        var jsstring = "var un = 1; console.log(un);";
        
        eval(jsstring); // logs "1"
        
        jsstring = "var deux = 2; console.log(deux);";
        
        new Function(jsstring)(); // logs "2"
        
        jsstring = "var trois = 3; console.log(trois);";
        
        (function () {
        
            eval(jsstring);
        
        }()); // logs "3"
        
        console.log(typeof un); // "number"
        
        console.log(typeof deux); // "undefined"
        
        console.log(typeof trois); // "undefined" 
      3. No matter where you execute Function, it sees only the global scope. So it can do less local variable pollution.
         (function () {
        
            var local = 1;
        
            eval("local = 3; console.log(local)"); // logs 3
        
            console.log(local); // logs 3
        
        }());
        
        (function () {
        
            var local = 1;
        
            Function("console.log(typeof local);")(); // logs undefined
        
        }()); 
  • 相关阅读:
    手动启动log4j|nginx实现http https共存
    java.util.zip.ZipException: invalid LOC header (bad signature)
    Bean property 'transactionManagerBeanName' is not writable or has an invalid set
    rabbitmq启动异常table_attributes_mismatch
    nexus私服快速update index方法
    Spring boot ,dubbo整合异常
    如何编写无须人工干预的shell脚本
    Jenkins构建部署jar/war后,服务无法在后台持续运行的解决方案
    移动端CSS通用样式
    Spring bean的几种装配方式
  • 原文地址:https://www.cnblogs.com/haokaibo/p/Avoiding-Implied-Typecasting.html
Copyright © 2011-2022 走看看