Loading ...
Sorry, an error occurred while loading the content.

Re: [jslint] Re: This eval is not evil

Expand Messages
  • Felix E. Klee
    On Thu, Oct 18, 2012 at 9:05 AM, douglascrockford ... I am already using that comment, but it is misleading, because: This eval is not evil.
    Message 1 of 10 , Oct 18, 2012
    • 0 Attachment
      On Thu, Oct 18, 2012 at 9:05 AM, douglascrockford
      <douglas@...> wrote:
      > /*jslint evil: true */

      I am already using that comment, but it is misleading, because: This
      eval is not evil.
    • douglascrockford
      ... How do you expect JSLint to know that?
      Message 2 of 10 , Oct 18, 2012
      • 0 Attachment
        --- In jslint_com@yahoogroups.com, "Felix E. Klee" <felix.klee@...> wrote:
        >
        > On Thu, Oct 18, 2012 at 9:05 AM, douglascrockford
        > <douglas@...> wrote:
        > > /*jslint evil: true */
        >
        > I am already using that comment, but it is misleading, because: This
        > eval is not evil.


        How do you expect JSLint to know that?
      • Felix E. Klee
        On Thu, Oct 18, 2012 at 2:02 PM, douglascrockford ... By checking the object: `eval`, `window.eval`, `global.eval`, etc. are evil Of course, it could be that
        Message 3 of 10 , Oct 18, 2012
        • 0 Attachment
          On Thu, Oct 18, 2012 at 2:02 PM, douglascrockford
          <douglas@...> wrote:
          >> This eval is not evil.
          >
          > How do you expect JSLint to know that?

          By checking the object: `eval`, `window.eval`, `global.eval`, etc. are
          evil

          Of course, it could be that somewhere, eval is reassigned to another
          object `x`:

          x.eval = eval;

          But so it could be that somewhere:

          x.f = eval;

          There is no perfect check, and every unknown (to JSLint) function could
          potentially be `eval`. Well, perhaps that's your point, and I should
          just amend the JSLint comment to tell other programmers what is
          happening here.
        • Marcel Duran
          Of course eval can be disguised in several ways, such as: window[ eval .toString()]( alert( foobar ) ); So your redis client could be:
          Message 4 of 10 , Oct 18, 2012
          • 0 Attachment
            Of course eval can be disguised in several ways, such as:

            window['eval'.toString()]('alert("foobar")');

            So your redis client could be:

            client['eval'.toString()]("return 100.5", 0, function (err, res) {

            and avoid jslint evil: true option

            @marcelduran


            On Thu, Oct 18, 2012 at 5:35 AM, Felix E. Klee <felix.klee@...> wrote:

            > **
            >
            >
            > On Thu, Oct 18, 2012 at 2:02 PM, douglascrockford
            > <douglas@...> wrote:
            > >> This eval is not evil.
            > >
            > > How do you expect JSLint to know that?
            >
            > By checking the object: `eval`, `window.eval`, `global.eval`, etc. are
            > evil
            >
            > Of course, it could be that somewhere, eval is reassigned to another
            > object `x`:
            >
            > x.eval = eval;
            >
            > But so it could be that somewhere:
            >
            > x.f = eval;
            >
            > There is no perfect check, and every unknown (to JSLint) function could
            > potentially be `eval`. Well, perhaps that's your point, and I should
            > just amend the JSLint comment to tell other programmers what is
            > happening here.
            >
            >
            >


            [Non-text portions of this message have been removed]
          • Kirk Cerny
            I think this eval is evil. I believe that it is close enough to a reserved word to avoid using it as a property name. I also think it makes the code harder to
            Message 5 of 10 , Oct 18, 2012
            • 0 Attachment
              I think this eval is evil.
              I believe that it is close enough to a reserved word to avoid using it as a
              property name.

              I also think it makes the code harder to read and understand, because
              whenever I read eval
              any where my first impression is that it is the eval function.
              I am required to change what my initial first glance assumption tells me.

              Kirk Cerny


              [Non-text portions of this message have been removed]
            • Felix E. Klee
              On Thu, Oct 18, 2012 at 6:46 PM, Marcel Duran ... Interesting hack, but I don t think this improves readability. Anyways, it s easier
              Message 6 of 10 , Oct 18, 2012
              • 0 Attachment
                On Thu, Oct 18, 2012 at 6:46 PM, Marcel Duran <marcelduran@...>
                wrote:
                > client['eval'.toString()]("return 100.5", 0, function (err, res) {

                Interesting hack, but I don't think this improves readability.

                Anyways, it's easier to just use alternative names:

                client.EVAL

                All Redis commands can be passed to the client either in all lowercase
                or all uppercase.
              • Felix E. Klee
                On Thu, Oct 18, 2012 at 7:22 PM, Kirk Cerny ... What s bad about using reserved words as property names? In his book, Douglas mentions
                Message 7 of 10 , Oct 18, 2012
                • 0 Attachment
                  On Thu, Oct 18, 2012 at 7:22 PM, Kirk Cerny <kirksemail@...>
                  wrote:
                  > I believe that it is close enough to a reserved word to avoid using it
                  > as a property name.

                  What's bad about using reserved words as property names?

                  In his book, Douglas mentions that it is *bad* that reserved words
                  cannot be used as object property names without quoting:

                  * Page 7, section "Names":

                  It is not permitted to name a variable or parameter with a reserved
                  word. Worse, it is not permitted to use a reserved word as the name
                  of an object property in an object literal or following a dot in a
                  refinement.

                  * Page 103, section "Reserved Words":

                  They cannot be used to name variables or parameters. When reserved
                  words are used as keys in object literals, they must be quoted. They
                  cannot be used with the dot notation, so it is sometimes necessary
                  to use the bracket notation instead:

                  var method; // ok
                  var class; // illegal
                  object = {box: value}; // ok
                  object = {case: value}; // illegal
                  object = {'case': value}; // ok
                  object.box = value; // ok
                  object.case = value; // illegal
                  object['case'] = value; //

                  > I also think it makes the code harder to read and understand, because
                  > whenever I read eval any where my first impression is that it is the
                  > eval function.

                  So what about "case" in the above example? Would you also avoid using
                  it?

                  The dot notation namespaces variable names, and to me that is not
                  confusing. To me reading `redisClient.eval` is no more confusing that
                  something like `redisClient.redisEval`. If one is confused by this, then
                  I propose avoiding `eval` at all, and instead name it `lave`. Surely,
                  `redisClient.lave` is less confusing... ;-)

                  I understand if Douglas doesn't want to make an exception on the basis
                  that this would make the parser too complicated. All the other
                  arguments, I don't understand.
                Your message has been successfully submitted and would be delivered to recipients shortly.