Loading ...
Sorry, an error occurred while loading the content.

[jslint] Re: This eval is not evil

Expand Messages
  • douglascrockford
    ... How do you expect JSLint to know that?
    Message 1 of 10 , Oct 18, 2012
    • 0 Attachment
      --- In jslint_com@yahoogroups.com, "Felix E. Klee" <felix.klee@...> wrote:
      >
      > On Thu, Oct 18, 2012 at 9:05 AM, douglascrockford
      > <douglas@...> wrote:
      > > /*jslint evil: true */
      >
      > I am already using that comment, but it is misleading, because: This
      > eval is not evil.


      How do you expect JSLint to know that?
    • Felix E. Klee
      On Thu, Oct 18, 2012 at 2:02 PM, douglascrockford ... By checking the object: `eval`, `window.eval`, `global.eval`, etc. are evil Of course, it could be that
      Message 2 of 10 , Oct 18, 2012
      • 0 Attachment
        On Thu, Oct 18, 2012 at 2:02 PM, douglascrockford
        <douglas@...> wrote:
        >> This eval is not evil.
        >
        > How do you expect JSLint to know that?

        By checking the object: `eval`, `window.eval`, `global.eval`, etc. are
        evil

        Of course, it could be that somewhere, eval is reassigned to another
        object `x`:

        x.eval = eval;

        But so it could be that somewhere:

        x.f = eval;

        There is no perfect check, and every unknown (to JSLint) function could
        potentially be `eval`. Well, perhaps that's your point, and I should
        just amend the JSLint comment to tell other programmers what is
        happening here.
      • Marcel Duran
        Of course eval can be disguised in several ways, such as: window[ eval .toString()]( alert( foobar ) ); So your redis client could be:
        Message 3 of 10 , Oct 18, 2012
        • 0 Attachment
          Of course eval can be disguised in several ways, such as:

          window['eval'.toString()]('alert("foobar")');

          So your redis client could be:

          client['eval'.toString()]("return 100.5", 0, function (err, res) {

          and avoid jslint evil: true option

          @marcelduran


          On Thu, Oct 18, 2012 at 5:35 AM, Felix E. Klee <felix.klee@...> wrote:

          > **
          >
          >
          > On Thu, Oct 18, 2012 at 2:02 PM, douglascrockford
          > <douglas@...> wrote:
          > >> This eval is not evil.
          > >
          > > How do you expect JSLint to know that?
          >
          > By checking the object: `eval`, `window.eval`, `global.eval`, etc. are
          > evil
          >
          > Of course, it could be that somewhere, eval is reassigned to another
          > object `x`:
          >
          > x.eval = eval;
          >
          > But so it could be that somewhere:
          >
          > x.f = eval;
          >
          > There is no perfect check, and every unknown (to JSLint) function could
          > potentially be `eval`. Well, perhaps that's your point, and I should
          > just amend the JSLint comment to tell other programmers what is
          > happening here.
          >
          >
          >


          [Non-text portions of this message have been removed]
        • Kirk Cerny
          I think this eval is evil. I believe that it is close enough to a reserved word to avoid using it as a property name. I also think it makes the code harder to
          Message 4 of 10 , Oct 18, 2012
          • 0 Attachment
            I think this eval is evil.
            I believe that it is close enough to a reserved word to avoid using it as a
            property name.

            I also think it makes the code harder to read and understand, because
            whenever I read eval
            any where my first impression is that it is the eval function.
            I am required to change what my initial first glance assumption tells me.

            Kirk Cerny


            [Non-text portions of this message have been removed]
          • Felix E. Klee
            On Thu, Oct 18, 2012 at 6:46 PM, Marcel Duran ... Interesting hack, but I don t think this improves readability. Anyways, it s easier
            Message 5 of 10 , Oct 18, 2012
            • 0 Attachment
              On Thu, Oct 18, 2012 at 6:46 PM, Marcel Duran <marcelduran@...>
              wrote:
              > client['eval'.toString()]("return 100.5", 0, function (err, res) {

              Interesting hack, but I don't think this improves readability.

              Anyways, it's easier to just use alternative names:

              client.EVAL

              All Redis commands can be passed to the client either in all lowercase
              or all uppercase.
            • Felix E. Klee
              On Thu, Oct 18, 2012 at 7:22 PM, Kirk Cerny ... What s bad about using reserved words as property names? In his book, Douglas mentions
              Message 6 of 10 , Oct 18, 2012
              • 0 Attachment
                On Thu, Oct 18, 2012 at 7:22 PM, Kirk Cerny <kirksemail@...>
                wrote:
                > I believe that it is close enough to a reserved word to avoid using it
                > as a property name.

                What's bad about using reserved words as property names?

                In his book, Douglas mentions that it is *bad* that reserved words
                cannot be used as object property names without quoting:

                * Page 7, section "Names":

                It is not permitted to name a variable or parameter with a reserved
                word. Worse, it is not permitted to use a reserved word as the name
                of an object property in an object literal or following a dot in a
                refinement.

                * Page 103, section "Reserved Words":

                They cannot be used to name variables or parameters. When reserved
                words are used as keys in object literals, they must be quoted. They
                cannot be used with the dot notation, so it is sometimes necessary
                to use the bracket notation instead:

                var method; // ok
                var class; // illegal
                object = {box: value}; // ok
                object = {case: value}; // illegal
                object = {'case': value}; // ok
                object.box = value; // ok
                object.case = value; // illegal
                object['case'] = value; //

                > I also think it makes the code harder to read and understand, because
                > whenever I read eval any where my first impression is that it is the
                > eval function.

                So what about "case" in the above example? Would you also avoid using
                it?

                The dot notation namespaces variable names, and to me that is not
                confusing. To me reading `redisClient.eval` is no more confusing that
                something like `redisClient.redisEval`. If one is confused by this, then
                I propose avoiding `eval` at all, and instead name it `lave`. Surely,
                `redisClient.lave` is less confusing... ;-)

                I understand if Douglas doesn't want to make an exception on the basis
                that this would make the parser too complicated. All the other
                arguments, I don't understand.
              Your message has been successfully submitted and would be delivered to recipients shortly.