JavaScript

src: tekraze.com

JavaScript ( ), often abbreviated as JS , is an interpreted high-level programming language. It is a language that is also characterized as dynamic, weak typed, prototype-based and multi-paradigm.

Along with HTML and CSS, JavaScript is one of the three core technologies of the World Wide Web. JavaScript allows interactive web pages and is thus an essential part of web applications. Most websites use them, and all major web browsers have a custom JavaScript engine to run them.

As a multi-paradigm language, JavaScript supports event-driven, functional, and imperative (including object-oriented and prototype-based) programming styles. It has an API to work with text, arrays, dates, regular expressions, and basic DOM manipulations, but the language itself does not include I/O, such as network, storage, or graphics facilities, relying on this in the host environment where it is embedded.

Initially only client-side implemented in web browsers, JavaScript engines are now embedded in many other types of host software, including server side on web servers and databases, and in non-web programs such as word processors and PDF software, and in process time environments that make JavaScript available for writing mobile and desktop apps, including desktop widgets.

While there are strong external similarities between JavaScript and Java, including their respective language names, syntax, and standard libraries, they are different and very different in design; JavaScript is influenced by programming languages ​​such as Self and Schema.

Video JavaScript

Histori

Permulaan di Netscape

In 1993, the National Center for Supercomputing Applications (NCSA), a unit of the University of Illinois at Urbana-Champaign, released NCSA Mosaic, the first popular graphical web browser, which plays an important role in expanding the growth of the new World Wide. Web. In 1994, a company called Mosaic Communications was established in Mountain View, California and employed many original NCSA Mosaic authors to create Mosaic Netscape. However, this intentionally does not share code with NCSA Mosaic. The internal name code for the enterprise browser is Mozilla, which means "Mosaic killer", because the company's goal is to replace NCSA Mosaic as the world's number one web browser. The first version of the Web browser, Mosaic Netscape 0.9, was released in late 1994. Within four months it has taken three quarters of the browser market and became the primary browser for the Internet in the 1990s. To avoid having trademark ownership issues with NCSA, the browser was renamed Netscape Navigator in the same year, and the company took the name Netscape Communications. Netscape Communications recognizes that the Web needs to be more dynamic. Marc Andreessen, founder of the company believes that HTML needs a "glue language" that is easy to use by Web designers and part-time programmers to assemble components such as drawings and plugins, where code can be written directly on the markup webpage.

In 1995, Netscape Communications recruited Brendan Eich with the goal of embedding the Scheme programming language into Netscape Navigator. Before he could start, Netscape Communications collaborated with Sun Microsystems to incorporate Netscape Navigator Sun into a more static Java programming language, in order to compete with Microsoft for the adoption of technology users and Web platforms. Netscape Communications then decided that the scripting language they wanted to create would complement Java and must have the same syntax, which does not include other languages ​​like Perl, Python, TCL, or Schema. To defend JavaScript ideas against competing proposals, companies need prototypes. Eich wrote one in 10 days, in May 1995.

Although it was developed under the name Mocha , it was officially called LiveScript when it was first submitted in the Netscape Navigator 2.0 beta release in September 1995, but its name was changed to JavaScript when deployed in Netscape Navigator 2.0 beta 3 in December. The last option of the name causes confusion, giving the impression that language is a spin-off of the Java programming language, and that choice has been characterized as a marketing tactic by Netscape to give JavaScript a stamp of what then becomes a hot new Web. programming language.

There is a common misconception that JavaScript is affected by the previous Web page scripting language developed by Nombas named Cmm (not to be confused with C-- then made in 1997). Brendan Eich, however, had never heard of Cmm before he made LiveScript. Nombas pitches their embedded Web page scripting to Netscape, although scripting a web page is not a new concept, as demonstrated by the ViolaWWW Web browser. Nombas then switches to JavaScript bidding instead of Cmm in their ScriptEase product and is part of the TC39 group that creates the ECMAScript standard.

JavaScript server-side

In December 1995, soon after the release of JavaScript for the browser, Netscape introduced language implementations for server-side scripting with Netscape Enterprise Server.

Since 1996, IIS web-server has supported Microsoft's implementation of Javascript server side - JScript - on ASP and.NET pages.

Since the mid-2000s, additional server-side JavaScript implementations have been introduced, such as Node.js in 2009.

Adoption by Microsoft

Microsoft's script technologies including VBScript and JScript were released in 1996. JScript, the reverse-engineered implementation of Netscape's JavaScript, is part of Internet Explorer 3. JScript is also available for server-side scripting on Internet Information Server. Internet Explorer 3 also includes Microsoft's first support for CSS and various extensions to HTML, but in each case the implementation was different from what was found in Netscape Navigator at the time. These differences make it difficult for designers and programmers to make a single website work well in both browsers, leading to the use of the "best viewed in Netscape" and "best viewed in Internet Explorer" logos that mark the early years of the browser war. JavaScript is gaining a reputation as one of the roadblocks to standard cross-platform and Web-driven platforms. Some developers take on the difficult task of trying to make their site work in both main browsers, but many can not afford the time. With the launch of Internet Explorer 4, Microsoft introduced the Dynamic HTML concept, but differences in different language implementations and the exclusive and exclusive Docs Object Model persist and become an obstacle to overtaking JavaScript on the Web.

Standardization

In November 1996, Netscape sent JavaScript to ECMA International to carve out standard specifications, which could then be applied by other browser vendors based on work done in Netscape. This led to the official release of the ECMAScript language specification published in the first edition of the ECMA-262 standard in June 1997, with JavaScript being the most well-known of the implementations. ActionScript and JScript are other well-known ECMAScript implementations.

The standard process continued in the cycle, with the release of ECMAScript 2 in June 1998, which brought some modifications to conform to the international standard ISO/IEC 16262. The launch of ECMAScript 3 was followed in December 1999, which is the basis for modern JavaScript. The original ECMAScript 4 work led by Waldemar Horwat (later in Netscape, now in Google) began in 2000 and initially, Microsoft seems to participate and even implement some proposals in JScript.NET.

Over time, it is clear that Microsoft does not intend to cooperate or implement proper JavaScript in Internet Explorer, even though they have no competing proposals and they have a partial implementation (and diverged at this point) on the NET server side. So in 2003, the original ECMAScript 4 work was mothballed.

The next big event was in 2005, with two major happenings in the history of JavaScript. First, Brendan Eich and Mozilla rejoin Ecma International as a nonprofit member and work begins on ECMAScript for XML (E4X), the ECMA-357 standard, originating from former Microsoft employees at BEA Systems (originally acquired as Crossgain). This led to collaboration with Macromedia (later acquired by Adobe Systems), which implements E4X in ActionScript 3 (ActionScript 3 is a native ECMAScript 4 fork).

So, along with Macromedia, work is restarted on ECMAScript 4 with the goal of standardizing what's in ActionScript 3. For this purpose, Adobe Systems released ActionScript Virtual Machine 2, code named Tamarin, as an open source project. But Tamarin and ActionScript 3 are too different from convergent JavaScript webs, as the parties realized in 2007 and 2008.

Unfortunately, there is still turmoil among various players; Douglas Crockford - then on Yahoo! - joined Microsoft in 2007 to oppose ECMAScript 4, leading to ECMAScript 3.1 attempts. ECMAScript 4 development is never finished, but it affects the next version.

While all this is happening, the open source community and developers are starting to work to revolutionize what can be done with JavaScript. This community effort was triggered in 2005 when Jesse James Garrett released a white paper in which he coined the term Ajax, and described a set of technologies, which JavaScript is the backbone, used to create web applications where data can be loaded in the background, avoiding loading needs full page reset and leads to a more dynamic app. This results in a renaissance period of JavaScript usage pioneered by open source libraries and communities that formed around them, with libraries like Prototype, jQuery, Dojo Toolkit, MooTools, and others released.

In July 2008, different parties on both sides gathered in Oslo. This led to a deal in early 2009 to rename ECMAScript 3.1 to ECMAScript 5 and push forward the language using an agenda known as Harmony. ECMAScript 5 was finally released in December 2009.

In June 2011, ECMAScript 5.1 was released to be fully in line with the third edition of the international standard ISO/IEC 16262. ECMAScript 2015 was released in June 2015. ECMAScript 2016 was released in June 2016. The current version is ECMAScript 2017, released in June 2017.

Next development

JavaScript has become one of the most popular programming languages ​​on the Web. Initially, however, many professional programmers are degrading the language because, among other reasons, the target audience consists of Web writers and other "amateurs". The emergence of Ajax returns JavaScript into the spotlight and brings more professional programming attention. The result is a comprehensive proliferation of frameworks and libraries, improved JavaScript programming practices, and increased use of JavaScript outside of Web browsers, as seen by server side JavaScript proliferation.

In January 2009, the CommonJS project was established with the goal of setting a common standard library primarily for JavaScript development outside the browser.

With the advent of single-page applications and heavy JavaScript sites, more and more are used as compilation targets for source-to-source compilers from both dynamic languages ​​and static languages.

Maps JavaScript

Trademark

"JavaScript" is a trademark of Oracle Corporation in the United States. It is used under license for technologies created and implemented by Netscape Communications and current entities such as the Mozilla Foundation.

src: www.lform.com

Vanilla JavaScript

The terms Vanilla JavaScript and Vanilla JS refer to JavaScript that is not extended by any additional frameworks or libraries. The script written in Vanilla JS is a plain JavaScript code.

src: codecondo.com

Features

The following features are common to all appropriate ECMAScript implementations, unless explicitly specified otherwise.

Universal support

All modern Web browsers support JavaScript with a built-in interpreter.

imperative and structured

JavaScript supports many structured programming syntax of C statements (eg, if , while loop, switch , do when , etc.). One partial exception is scoping: JavaScript initially only works scoping with var . ECMAScript 2015 adds let and const keywords for block coverage, which means JavaScript now has block function and blocking. Like C, JavaScript makes the difference between expressions and statements. One syntactic difference from C is the insertion of an automatic semicolon, which allows a semicolon that usually terminates a statement to be omitted.

Dynamic

Type

Like most scripting languages, JavaScript is typed dynamically; a type is associated with each value, not just with each expression. For example, a variable that is at one time bound to a number may then be tied back to a string. JavaScript supports various ways to test object types, including typing ducks.

Run-time evaluation

JavaScript includes the eval function that can execute statements that are provided as strings at run-time.

JavaScript is almost completely object-based. In JavaScript, the object is an associative array, coupled with a prototype (see below); each string key provides a name for the object property, and there are two syntactic ways to specify such a name: point notation ( obj.xÃ, = 10 ) and bracket notation ( obj ['x'] Ã, = Ã, 10 ). Properties can be added, restored, or deleted at run-time. Most properties of an object (and any property owned by the prototype object's inheritance chain) can be enumerated using the loop for... in .

JavaScript has a small number of built-in objects, including Function and Date .

Prototype

JavaScript uses prototypes in which many other object-oriented languages ​​use classes for inheritance. It is possible to simulate many class-based features with prototypes in JavaScript.

Works as an object constructor

Double functions as object constructors, along with their distinctive roles. The function call prefix with the new will create a derivative of the prototype, inheriting the properties and methods of the constructor (including the properties of the Object prototype). ECMAScript 5 offers the Object.create method, enabling the creation of instances explicitly without inheriting automatically from the Object prototype (the older environment can assign prototypes to null ). The prototype property of the constructor specifies the object used for the internal prototype of the new object. New methods can be added by modifying the prototype of the function used as the constructor. The default JavaScript constructor, like Array or Object , also has a modifiable prototype. Although it is possible to modify the Object prototype, it is generally considered a bad practice since most objects in JavaScript will inherit methods and properties from the Object prototype, and they may not expect the prototype to be modified.

Works as the

method

Unlike many object-oriented languages, there is no difference between function definitions and method definitions. Conversely, differences occur during function calls; when a function is called as an object method, the local keyword is bound to that object for the request.

Functional

The function is first class; a function is considered an object. Thus, a function can have properties and methods, such as .call () and .bind () . The nested function is a function specified in another function. This is created every time an outer function is called. In addition, each nested function forms a lexical closure: The lexical scope of the outer function (including constant, local, or argument variables) becomes part of the internal state of each function object in, even after the execution of the outer function concludes. JavaScript also supports anonymous functions.

Delegate

JavaScript supports both implicit and explicit delegations.

Works as a role (Traits and Mixins)

JavaScript natively supports various function-based implementations of Role patterns such as Traits and Mixins. Such a function defines additional behavior with at least one method tied to the this keyword in its function body. Roles must then be explicitly delegated via call or apply to objects that need to display additional behavior that is not shared through the prototype chain.

The composition of objects and inheritance

While explicit function-based delegates do not include compositions in JavaScript, implicit delegates have occurred every time a prototype chain runs for, for example, finding methods that may be related but not directly owned by the object. Once the method is found it is called in the context of this object. So the inheritance in JavaScript is covered by a delegate automatism that is bound to the prototype property of the constructor function.

Miscellaneous

Run-time environment

JavaScript typically depends on the running time environment (e.g., Web browser) to provide objects and methods in which scripts can interact with the environment (for example, DOM web pages). It also depends on the run-time environment to provide the ability to include/import scripts (for example, HTML & lt; script & gt; ) elements. This is not a language feature per se, but this is common in most JavaScript implementations.

JavaScript processes messages from one queue at a time. When loading a new message, JavaScript calls the function associated with that message, which creates a call stack frame (function arguments and local variables). Call stack shrinks and grows based on functional requirements. After the completion of the function, when the stack is empty, the JavaScript results to the next message in the queue. This is called the event loop, described as "run to completion" because each message is processed completely before the next message is considered. However, the language concurrency model describes the event loop as non-blocking: the program input/output is performed using event and callback functions. This means, for example, that JavaScript can process mouse clicks while waiting for a database query to return information.

Variadic Functions

The unlimited number of parameters can be passed to a function. This function can access it through formal parameters and also through local arguments objects. Variadic functions can also be created using the bind method.

Arrays and literal objects

Like many scripting languages, arrays and objects (associative arrays in other languages) can each be created with shortcut syntax. In fact, these literals form the basis of the JSON data format.

Regular expression

JavaScript also supports regular expressions in a manner similar to Perl, which provides a compact and powerful syntax for more sophisticated text manipulation than the built-in string function.

vendor-specific extensions

JavaScript is officially managed by the Mozilla Foundation, and new language features are added periodically. However, only some JavaScript engines support these new features:

• getter function and property setter (supported by WebKit, Gecko, Opera, ActionScript, and Rhino)
• conditional catch clause
• the iterator protocol (adopted from Python)
• generator-coroutina shallow (adopted from Python)
• array comprehensions and generator expressions (adopted from Python)
• the exact block span through the let
keyword
• array and destructing object (limited pattern matching form)
• expressive function expression ( (args) expr )
function
• ECMAScript for XML (E4X), an extension that adds native XML support to ECMAScript (not supported in Firefox since version 21)

src: cdn.scotch.io

Syntax

Simple example

Variables within JavaScript can be defined using the var , let or const keyword.

Notice the comments in the above example, all of which are preceded by two forward slashes.

No built-in I/O functionality in JavaScript; the run-time environment provides it. The ECMAScript specification in 5.1 mentions:

... indeed, there is no provision in this specification for external data input or output of calculated results.

However, most runtime environments have console objects that can be used to print output. Here is a minimalist Hello World program in JavaScript :

Simple recursive function:

Anonymous (or lambda) functions:

This example shows that, in JavaScript, function closure captures their non-local variables by reference .

In JavaScript, objects are created in the same way as functions, these are known as function objects.

Example object:

Demonstration of variadic function ( argument is a special variable):

The expression of the immediately used function is often used to create modules, because before ECMAScript 2015 there is no built-in construction in the language. Modules allow the collection of properties and methods in the namespace and make some of them private:

Further examples

This sample code displays various JavaScript features.

The following output should be displayed in the browser window.

src: cdn.scotch.io

Use on web page

As of May 2017, 94.5% of the top 10 million web pages use JavaScript. The most common use of JavaScript is to add client-side behavior to an HTML page, also known as Dynamic HTML (DHTML). The script is embedded in or included from the HTML page and interacts with the Document Object Model (DOM) of the page. Some simple examples of this usage are:

• Loading new page content or sending data to the server via Ajax without reloading the page (for example, social networks allow users to post status updates without leaving the page).
• Animation page element, waning in and out, resizing, moving it, etc.
• Interactive content, such as games, and play audio and video.
• Validate the input value of the Web form to make sure it is received before it is sent to the server.
• Submit information about reading habits and user browsing activities to various websites. Web pages often do this for web analytics, ad tracking, personalization or other purposes.

Because JavaScript code can run locally in the user's browser (not on a remote server), the browser can respond to user actions quickly, making the app more responsive. Furthermore, JavaScript code can detect user actions that HTML can not perform, such as individual keystrokes. Applications like Gmail take advantage of this: many user interface logic is written in JavaScript, and JavaScript sends information requests (such as email message content) to the server. A wider trend of Ajax programming also exploits this power.

The JavaScript engine (also known as a JavaScript interpreter or JavaScript implementation) is a translator that interprets the JavaScript source code and executes scripts accordingly. The first JavaScript engine was created by Brendan Eich in Netscape, for the Netscape Navigator Web browser. The machine, code-named SpiderMonkey, is implemented in C. It has since been updated (in JavaScript 1.5) to conform to ECMAScript 3. Rhino machines, created primarily by Norris Boyd (formerly in Netscape, now in Google) are JavaScript implementations in Java. Rhino, like SpiderMonkey, is the corresponding ECMAScript 3.

The Web browser is the most common host environment for JavaScript. Web browsers usually create "host objects" to represent DOM in JavaScript. The Web server is another common host environment. A JavaScript Web server will usually expose a host object that represents HTTP requests and response objects, which can then be interrogated and manipulated by a JavaScript program to dynamically generate web pages.

Since JavaScript is the only language supported by most popular browsers, it has become the target language for many frameworks in other languages, although JavaScript was never meant to be such a language. Despite the inherent performance limitations of its dynamic nature, the increase in the speed of the JavaScript engine has made the language a compelling target that is surprisingly feasible.

Script examples

Below is a minimal example of a standard-conforming web page containing JavaScript (using HTML 5 syntax) and DOM:

Compatibility considerations

Because JavaScript runs in various environments, an important part of testing and debugging is to test and verify that JavaScript works in multiple browsers.

The DOM interface for manipulating Web pages is not part of the ECMAScript standard, nor of JavaScript itself. Officially, the DOM interface is defined by a separate standardization effort by the W3C; in practice, browser implementations are different from standards and from each other, and not all browsers execute JavaScript.

To resolve this discrepancy, JavaScript writers can try to write the appropriate standard code that will also be executed correctly by most browsers; If it fails, they can write code that checks for the existence of certain browser features and behaves differently if not available. In some cases, two browsers can implement features but with different behaviors, and the authors may find it practical to detect what browsers are running and change their script behavior to match. Programmers can also use libraries or toolkits that take into account browser differences.

Furthermore, the script may not work for some users. For example, a user can:

• using old or rare browsers with incomplete or unusual DOM support;
• using a PDA or mobile browser that can not execute JavaScript;
• has disabled JavaScript execution as a security precaution;
• uses a greeting browser because, for example, visual impairment.

To support this user, Web authors can try to create a graceful page on user-agents (browsers) that do not support JavaScript pages. Specifically, the page remains usable even without any additional features that JavaScript will add. Some sites use HTML & lt; noscript & gt; tag, which contains alt content if JS is disabled. A much preferred alternative approach is to first author content using basic technology that works across all browsers, then improving content for users who have JavaScript enabled. This is known as progressive enhancement.

src: activatesaga.com

Security

JavaScript and DOM provide the potential for malicious authors to submit scripts to run on client computers over the Web. The author browser minimizes this risk using two restrictions. First, the script runs in a sandbox where they can only perform web-related actions, not general-purpose programming tasks such as creating files. Second, scripts are limited by the same origin policy: scripts from one website do not have access to information such as usernames, passwords or cookies sent to other sites. Most security bugs related to JavaScript are a violation of either the same origin policy or sandbox.

There is a subset of common JavaScript - ADsafe, Secure ECMAScript (SES) - which provides greater security, especially on code created by third parties (such as ads). Caja is another project for secure embedding and isolation of third-party JavaScript and HTML.

The Content Safety Policy is the primary method that is intended to ensure that only trusted code is executed on a Web page.

Cross-site vulnerability

A common security issue related to JavaScript is cross-site scripting (XSS), a violation of the same origin policy. XSS vulnerability occurs when an attacker can cause a targeted website, such as an online banking website, to include a malicious script on a web page served to the victim. The script in this example can then access banking applications with the privilege of the victim, potentially disclosing confidential information or transferring money without the victim's authorization. The solution to XSS vulnerability is to use HTML escape each time it displays data that is not trusted.

Some browsers include partial protection against XSS reflected attacks, in which the attacker provides URLs including malicious scripts. However, even users of such browsers are vulnerable to other XSS attacks, such as where malicious code is stored in the database. Only true Web server application design can completely prevent XSS.

XSS vulnerabilities can also occur due to implementation errors by the author of the browser.

Another cross-site vulnerability is cross-site request forgery (CSRF). In CSRF, the code on the attacker's site tricks the victim's browser to take actions that the user does not perform on the target site (such as transferring money in the bank). This works because, if the target site depends only on the cookie to authenticate the request, then the request initiated by the code on the attack site will bring the same valid login credentials to the request initiated by the user. In general, the solution for CSRF is to require an authentication value in the hidden form field, and not just in cookies, to authenticate any request that may have lasting effects. Checking HTTP Referrers can also help.

"JavaScript hijacking" is a type of CSRF attack where the & lt; script & gt; on the attacker site exploits a page on the victim's site that returns personal information like JSON or JavaScript. Possible solutions include:

• requires an authentication token in POST and GET parameters for any response that returns personal information.

Ignoring trust in clients

The client-server application developer must recognize that unreliable clients may be under the control of the attacker. The app writer can not assume that the JavaScript code will run as intended (or at all) because any secret that is embedded in the code can be extracted by the specified enemy. Some of the implications are:

• Website authors can not perfectly hide the way their JavaScript operates because raw source code must be sent to clients. Code can be obfuscated, but obfuscation can be reverse engineered.
• JavaScript form validation only makes it easy for users, not security. If the site verifies that the user accepts their terms of service, or filters out invalid characters outside of fields that should only contain numbers, it must do so on the server, not just the client.
• Scripts can be selectively deactivated, so JavaScript is unreliable to prevent operations such as right-clicking on an image to save it.
• A very bad practice to embed sensitive information like passwords in JavaScript because it can be extracted by attackers.

Ignoring trust in developers

Package management systems like npm and Bower are popular with JavaScript developers. Such systems allow developers to easily manage their program dependencies in other developer program libraries. Developers believe that library managers will keep them safe and up to date, but that's not always the case. Vulnerability has emerged because of this blind belief. Released libraries can have new releases that cause bugs or vulnerabilities to appear in all library-dependent programs. By contrast, libraries can not be patched with known vulnerabilities in the wild. In a study conducted by looking at a sample of 133k websites, the researchers found 37% of websites included libraries with at least one known vulnerability. "The median lag between the oldest library version used on every website and the latest version of the library was 1,177 days at ALEXA, and the development of several libraries was still in active use quit a few years ago." Another possibility is that library managers can remove the library completely. This happened in March 2016 when Azer KoÃÆ'§ulu moved the repository from npm. This has caused tens of thousands of programs and websites to rely on their libraries for damage.

Browser and plugin encoding error

JavaScript provides an interface to various browser capabilities, some of which may have flaws such as buffer overflows. This flaw could allow attackers to write scripts that would run whatever code they want on the user's system. This code is not limited to other JavaScript applications. For example, a buffer overrun exploit can allow an attacker to gain access to the operating system APIs with superuser rights.

This shortage has affected major browsers including Firefox, Internet Explorer, and Safari.

Plugins, such as video players, Adobe Flash, and various ActiveX controls that are enabled by default in Microsoft Internet Explorer may also have weaknesses that can be exploited via JavaScript (such weaknesses have been used in the past).

In Windows Vista, Microsoft has attempted to load bug risks such as buffer overflows by running the Internet Explorer process with limited privileges. Google Chrome also limits the rendering of its pages to their own "sandbox".

Sandbox implementation error

The web browser is able to run JavaScript outside the sandbox, with the privileges required to, for example, create or delete files. Of course, such privileges are not meant to be coded from the Web.

Giving improper privileges to JavaScript from the Web has played a role in vulnerabilities in Internet Explorer and Firefox. In Windows XP Service Pack 2, Microsoft decreases the JScript privilege in Internet Explorer.

Microsoft Windows allows JavaScript source files on the computer's hard drive to be launched as a general purpose non-sandbox program (see: Windows Script Host). This makes JavaScript (like VBScript) the vector that theoretically can be used for Trojan horses, although the JavaScript Trojan horse is rarely in practice.

Hardware vulnerabilities

By 2015, the implementation of the concept-based-concept of JavaScript-based rowhammer attacks is described in a paper by security researchers.

By 2017, JavaScript-based attacks via browsers are shown that can pass through ASLR. This is called "ASLR? Cache" or AnC.

src: d1tvk6jrw60uvw.cloudfront.net

Using outside web pages

In JavaScript, access to the debugger becomes invaluable when developing a large program that is not trivial. Because there can be different implementations between different browsers (especially in the DOM), it will be useful to have access to the debugger for each browser that targets Web applications.

The script debugger is integrated in Internet Explorer, Firefox, Safari, Google Chrome, Opera, and Node.js.

In addition to the original Internet Explorer Developer Tools, three debuggers are available for Internet Explorer: Microsoft Visual Studio is the richest of the three, followed by Microsoft Script Editor (Microsoft Office component), and ultimately a much more basic Microsoft Script Debugger than the other two. Microsoft Visual Web Developer Express provides a limited version of JavaScript debugging functionality in Microsoft Visual Studio. Internet Explorer has included developer tools since version 8.

Compared to Internet Explorer, Firefox has a more comprehensive set of developer tools, which also includes a debugger. Older versions of Firefox without this tool use a Firefox addon called Firebug, or an older Venkman debugger. Also, WebKit's Web Inspector includes a JavaScript debugger, used in Safari. A modified version called Blink DevTools is used in Google Chrome. Node.js has a Node Inspector, an interactive debugger integrated with Blink DevTools, available in Google Chrome. Opera includes a set of tools called Dragonfly.

In addition to native computer software, there is an online JavaScript IDE, a self-written debugging tool in JavaScript and built to run on the Web. An example is the JSLint program, developed by Douglas Crockford who has written extensively on languages. JSLint scans JavaScript code for conformance with a set of standards and guidelines. Many libraries for JavaScript, such as three.js, provide links to user-editable demonstration codes. They are also used as pedagogical tools by institutions such as Khan Academy to allow students to experience writing code in environments where they can view the output of their program, without the need for any setting outside the Web browser.

src: media.wired.com

Benchmark tools for developers

Since JavaScript becomes more important for web development (frontend following many aspects done in the previous backend), there are also more considerations about performance. Especially mobile devices can have problems with rendering and processing of complex logic that is not optimized.

The library for benchmarking is benchmark.js. A benchmark library that supports high-resolution settings and produces statistically significant results.

Another tool is jsben.ch. The online JavaScript comparison tool, where code snippets can be tested against each other.

src: i.ytimg.com

Version history

JavaScript was originally developed in 1996 for use in the Netscape Navigator Web browser. In the same year Microsoft released an implementation for Internet Explorer. This implementation is called JScript due to trademark issues. In 1997, the first standard language version was released under the name ECMAScript in the first edition of the standard ECMA-252.

Explicit versions and language feature optics are Mozilla specific and have been deleted in later versions of Firefox (at least by Firefox 59). Firefox 4 is the last version that refers to an explicit JavaScript version (1.8.5). With the new edition of the ECMA-262 standard, JavaScript language features are now often mentioned with their initial definition in the ECMA-262 edition.

The following table explicitly versioned JavaScript is based on information from various sources.

src: cdn.scotch.io

Language and related technologies

JSON, or JavaScript Object Notation, is a general-purpose data exchange format defined as a subset of JavaScript object literal syntax. Like many JavaScript (regexps and anonymous functions as class 1 element, closing, flexible class, 'strict use'), JSON, except to replace operator key value Perl '= & gt;' by RFC 822 inspired ':', is Perl is syntactically pure.

jQuery is a popular JavaScript library designed to simplify DOM-oriented client side HTML scripts along with offering cross-browser compatibility as different browsers respond differently to certain vanilla JavaScript codes.

Underscore.js is a JavaScript utility library for data manipulation used on both the client side and server-side applications.

Angular and AngularJS are web application frameworks used to develop single-page applications as well as cross platform mobile applications.

React (JavaScript library) is an open source JavaScript library that provides views displayed using components defined as custom HTML tags.

Mozilla browser currently supports LiveConnect, a feature that allows JavaScript and Java to communicate with each other on the Web. However, Mozilla's special support for LiveConnect is scheduled to be deleted in the future to support LiveConnect handling via NPAPI to Java 1.6 plug-in (not supported on Mac as of March 2010). Most browser check tools, such as Firebug in Firefox, include a JavaScript interpreter that can act on visible DOM pages.

asm.js is a subset of JavaScript that can run on any JavaScript engine or run faster in a previous compilation machine (AOT).

JSFuck is an esoteric programming language. The program is written using only six different characters, but still valid JavaScript code.

p5.js is an object-oriented JavaScript library designed for artists and designers. It's based on the idea of ​​a Processing project but for the web.

jsben.ch is an online JavaScript comparison tool, where different code snippets can be tested against each other.

CRISP: Strategy that guides Cloud Application Development for Beginners is a strategy proposed by Ayush Sahu to develop JavaScript applications that are optimized and safe for use on mobile phones, PCs and other devices. CRISP (Conversion, Reformat code, isolation module, Sandbox, Partition) strategy has been proposed for the smooth conversion of native applications to JavaScript for cloud application development. JavaScript is chosen as a medium for writing applications because it is mostly used language among developers and provides rich API (Application Programming Interface) for writing applications.

Use as intermediate language

Since JavaScript is the most supported client-side language that can run inside a Web browser, JavaScript has become an intermediate language for other targeted languages. This includes newly created languages ​​and ports from existing languages. Some of them include:

• OberonScript, a full implementation of the Oberon programming language that compiles into high-level JavaScript.
• Objective-J, a JavaScript superset that compiles to standard JavaScript. This adds to the traditional heritage and dynamic delivery of the Smalltalk/Objective-C style and the optional pseudo-static conversion to JavaScript.
• Processing.js, a JavaScript port of a Processing programming language designed to write visualizations, images, and interactive content. This allows the Web browser to display animations, visual apps, games, and other graphically rich content without requiring Java applets or Flash plugins.
• CoffeeScript, the alternative syntax for JavaScript is meant to be more concise and easy to read. It adds features like array comprehensions (also available in JavaScript since version 1.7) and pattern matching. Like Objective-J, it compiles into JavaScript. Ruby and Python have been cited as having an effect on CoffeeScript syntax.
• Google Web Toolkit translates a portion of Java to JavaScript.
• Scala, an object-oriented and functional programming language, has a Scala-to-JavaScript compiler.
• Pyjs, the Google Web Toolkit port for Python translates a subset of Python to JavaScript.
• Google Dart, a multipurpose open source language compiled into JavaScript.
• Whalesong, Racket-to-JavaScript compiler.
• Emscripten, backend LLVM for porting the original libraries to JavaScript, known as asm.js
• Fantom is a programming language that runs in JVM,.NET, and JavaScript.
• TypeScript, a free and open source programming language developed by Microsoft. This is a JavaScript superset, and basically adds support for optional type annotations and some other language extensions like classes, interfaces and modules. TS-scripts are compiled into plain JavaScript and can run on all JS hosts that support ECMAScript 3 or higher. The compiler itself is written in TypeScript.
• Elm (programming language) is a pure functional language for web applications. Unlike handwriting JavaScript, the JavaScript created by Elm has no runtime exceptions, travel time debugger, and semantic versions applied.
• Haxe, a high-level open source multiplatform programming language and compiler that can generate applications and source code for various platforms including JavaScript.
• ClojureScript, a compiler for Clojure that targets JavaScript. It's designed to transmit compatible JavaScript code with advanced compile mode from the Google Closure optimizer compiler.
• SqueakJS, virtual machine and DOM environment for open-source Squeak implementation of the Smalltalk programming language.
• Pascal Free, a compiler for Pascal that targets JavaScript.

Because JavaScript has unusual limitations - like no explicit integer type, only double-precision binary floating point languages ​​are compiled into JavaScript and are not careful to use integer-convert shifts and bitwise logic operators may have slightly different behavior than those another environment.

JavaScript and Java

A common misconception is that JavaScript is similar or closely related to Java. It is true that both have a syntax like -C (C language is their most common ancestral language). They are also usually sandboxed (when used inside the browser), and JavaScript is designed with Java syntax and standard libraries in mind. Specifically, all Java keywords are backed up in native JavaScript, JavaScript standard libraries follow Java naming conventions, and JavaScript Math and the object date is based on a class from Java 1.0 , but the similarity ends there.

Java and JavaScript both first appeared in 1995, but Java was developed by James Gosling from Sun Microsystems, and JavaScript by Brendan Eich from Netscape Communications.

The difference between the two languages ​​is more prominent than their equations. Java has static typing, while JavaScript typing is dynamic. Java is taken from bytecode compiled, while JavaScript is loaded as a human readable source code. Class-based Java objects, while JavaScript-based prototypes. Finally, Java does not support functional programming until Java 8, while JavaScript has done it early on, influenced by the Scheme.

WebAssembly

Starting in 2017, the web browser began to support WebAssembly, a technology standardized by the W3C. The WebAssembly standard specifies the binary format, which can be produced by compiler toolchain like LLVM, to run in the browser at near native speed. WebAssembly allows programming languages ​​like C, C, C # and Java to use as well as JavaScript to create client-side code for the World Wide Web.

src: i.ytimg.com

See also

• WebAssembly

src: www.wikihow.com

References

src: www.sreenutech.com

Further reading

External links

• Douglas Crockford's lecture video on JavaScript
• Douglas Crockford's Survey of the JavaScript Programming Language
• JavaScript in Curlie (based on DMOZ)
• List of languages ​​compiled into JS

Source of the article : Wikipedia