Loading ...
Sorry, an error occurred while loading the content.

escape()

Expand Messages
  • Dominic Mitchell
    Would it be possible to get JSLint to warn if you call the escape() function? The bad behaviour of this function has caused me problems this morning. It
    Message 1 of 4 , Sep 11 5:40 AM
    • 0 Attachment
      Would it be possible to get JSLint to warn if you call the escape()
      function? The bad behaviour of this function has caused me problems this
      morning. It encodes characters as %uXXXX instead of UTF-8 bytes. Plus, it
      doesn't handle plus characters. I think that most instances of this
      function should be replaced by encodeURIComponent().
      What do you think?

      Thanks,
      -Dom


      [Non-text portions of this message have been removed]
    • douglascrockford
      ... Depending on the options you choose, you current get either Error: Implied global: escape or Error: Problem at line 1 character 1: escape is not defined.
      Message 2 of 4 , Sep 11 12:37 PM
      • 0 Attachment
        --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@...> wrote:
        >
        > Would it be possible to get JSLint to warn if you call the escape()
        > function? The bad behaviour of this function has caused me problems this
        > morning. It encodes characters as %uXXXX instead of UTF-8 bytes. Plus, it
        > doesn't handle plus characters. I think that most instances of this
        > function should be replaced by encodeURIComponent().

        Depending on the options you choose, you current get either

        Error:

        Implied global: escape

        or

        Error:

        Problem at line 1 character 1: 'escape' is not defined.


        Why isn't that sufficient?
      • Dominic Mitchell
        ... Because it s quite likely that people would simply add /*global escape */ and carry on. Whereas a specific warning that escape() should be replaced by
        Message 3 of 4 , Sep 12 9:53 AM
        • 0 Attachment
          On Fri, Sep 11, 2009 at 8:37 PM, douglascrockford <douglas@...>wrote:

          > --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@...> wrote:
          > >
          > > Would it be possible to get JSLint to warn if you call the escape()
          > > function? The bad behaviour of this function has caused me problems this
          > > morning. It encodes characters as %uXXXX instead of UTF-8 bytes. Plus,
          > it
          > > doesn't handle plus characters. I think that most instances of this
          > > function should be replaced by encodeURIComponent().
          >
          > Depending on the options you choose, you current get either
          >
          > Error:
          >
          > Implied global: escape
          >
          > or
          >
          > Error:
          >
          > Problem at line 1 character 1: 'escape' is not defined.
          >
          >
          > Why isn't that sufficient?
          >

          Because it's quite likely that people would simply add /*global escape */
          and carry on. Whereas a specific warning that escape() should be replaced
          by encodeURIComponent() (at least, in a browser environment) would be a lot
          more helpful.

          -Dom


          [Non-text portions of this message have been removed]
        • pipwerks
          ... I agree with Dom that adding a suggestion to use encodeURIcomponent would be helpful, especially in light of its security implications. - philip
          Message 4 of 4 , Sep 13 12:08 AM
          • 0 Attachment
            --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@...> wrote:
            >
            > On Fri, Sep 11, 2009 at 8:37 PM, douglascrockford <douglas@...>wrote:
            >
            > > --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@> wrote:
            > > >
            > > > Would it be possible to get JSLint to warn if you call the escape()
            > > > function? The bad behaviour of this function has caused me problems this
            > > > morning. It encodes characters as %uXXXX instead of UTF-8 bytes. Plus,
            > > it
            > > > doesn't handle plus characters. I think that most instances of this
            > > > function should be replaced by encodeURIComponent().
            > >
            > > Depending on the options you choose, you current get either
            > >
            > > Error:
            > >
            > > Implied global: escape
            > >
            > > or
            > >
            > > Error:
            > >
            > > Problem at line 1 character 1: 'escape' is not defined.
            > >
            > >
            > > Why isn't that sufficient?
            > >
            >
            > Because it's quite likely that people would simply add /*global escape */
            > and carry on. Whereas a specific warning that escape() should be replaced
            > by encodeURIComponent() (at least, in a browser environment) would be a lot
            > more helpful.
            >
            > -Dom
            >
            >
            > [Non-text portions of this message have been removed]
            >


            I agree with Dom that adding a suggestion to use encodeURIcomponent would be helpful, especially in light of its security implications.

            - philip
          Your message has been successfully submitted and would be delivered to recipients shortly.