Loading ...
Sorry, an error occurred while loading the content.

Re: [jslint] Re: escape()

Expand Messages
  • Dominic Mitchell
    ... Because it s quite likely that people would simply add /*global escape */ and carry on. Whereas a specific warning that escape() should be replaced by
    Message 1 of 4 , Sep 12, 2009
    View Source
    • 0 Attachment
      On Fri, Sep 11, 2009 at 8:37 PM, douglascrockford <douglas@...>wrote:

      > --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@...> wrote:
      > >
      > > Would it be possible to get JSLint to warn if you call the escape()
      > > function? The bad behaviour of this function has caused me problems this
      > > morning. It encodes characters as %uXXXX instead of UTF-8 bytes. Plus,
      > it
      > > doesn't handle plus characters. I think that most instances of this
      > > function should be replaced by encodeURIComponent().
      >
      > Depending on the options you choose, you current get either
      >
      > Error:
      >
      > Implied global: escape
      >
      > or
      >
      > Error:
      >
      > Problem at line 1 character 1: 'escape' is not defined.
      >
      >
      > Why isn't that sufficient?
      >

      Because it's quite likely that people would simply add /*global escape */
      and carry on. Whereas a specific warning that escape() should be replaced
      by encodeURIComponent() (at least, in a browser environment) would be a lot
      more helpful.

      -Dom


      [Non-text portions of this message have been removed]
    • pipwerks
      ... I agree with Dom that adding a suggestion to use encodeURIcomponent would be helpful, especially in light of its security implications. - philip
      Message 2 of 4 , Sep 13, 2009
      View Source
      • 0 Attachment
        --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@...> wrote:
        >
        > On Fri, Sep 11, 2009 at 8:37 PM, douglascrockford <douglas@...>wrote:
        >
        > > --- In jslint_com@yahoogroups.com, Dominic Mitchell <dom@> wrote:
        > > >
        > > > Would it be possible to get JSLint to warn if you call the escape()
        > > > function? The bad behaviour of this function has caused me problems this
        > > > morning. It encodes characters as %uXXXX instead of UTF-8 bytes. Plus,
        > > it
        > > > doesn't handle plus characters. I think that most instances of this
        > > > function should be replaced by encodeURIComponent().
        > >
        > > Depending on the options you choose, you current get either
        > >
        > > Error:
        > >
        > > Implied global: escape
        > >
        > > or
        > >
        > > Error:
        > >
        > > Problem at line 1 character 1: 'escape' is not defined.
        > >
        > >
        > > Why isn't that sufficient?
        > >
        >
        > Because it's quite likely that people would simply add /*global escape */
        > and carry on. Whereas a specific warning that escape() should be replaced
        > by encodeURIComponent() (at least, in a browser environment) would be a lot
        > more helpful.
        >
        > -Dom
        >
        >
        > [Non-text portions of this message have been removed]
        >


        I agree with Dom that adding a suggestion to use encodeURIcomponent would be helpful, especially in light of its security implications.

        - philip
      Your message has been successfully submitted and would be delivered to recipients shortly.