I just thought I’d share a few quick ways of making your Javascript a little bit safer. I’d recommend reading deeper into a few of these techniques too. The MDN Javascript articles are great for this, and reading the source code of major Javascript projects & libaraies is a great way of seeing this stuff in action.
Global Warming: Prevent Pollution
In Javascript there’s a couple of ways of defining variables. One is good (if used properly), one is disastrously bad.
That first one? That is a global variable and is muchos bad. No matter where you write that code, evilVariable variable will be available everywhere else.
This is because the variable becomes a property of the global object - in browsers, that’s ‘window’. So in this case we’d have window.evilVariable.
By using the var keyword you limit the scope (segment of code in which a particular variable can be used) to the closest function. More on this in the next section…
Use Protection
If you’d used that previous code example in a script tag on your page, you’d still actually be creating a global variable (so you’d still have window.notQuiteSoEvil), but read on for a way round that!
Since it’s never a good idea to pollute the global scope of your page if you can avoid it, one way to ensure you aren’t causing global warming is to to wrap all your code in a self-executing anonymous function. Though it sounds scary, it’s actually quite simple.
Looks like a normal function right? But check out the extra parentheses… they run the function straight away. You have to wrap it all in parentheses because that makes sure that function () { … } an expression not a declaration, but that’s outside of the scope (see, there it is again!) of this article. Check out MDN for more.
As mentioned above, any variables decalred within the self-executing function will only be visible within that function (and inside any functions declared within the parent function). This is called functional scoping and is one of the differences between Javascript and most other languages. It’s also incredibly powerful, enabling a wealth of neat Javascript tricks like closures. Anyway, back on topic!
I tend to make a slight improvement to this but adding a semicolon before the first bracket, a la:
This is to protect against something like this happening:
Yeah, crazy. Don’t do it, kids.
The extra semicolon (or !, +, - and a few others) is also useful for flagging to the next poor soul reading your code that something’s afoot (ie, the following is a self executing function).
typeof undefined !== “undefined”
Theoretically, some bastard could write:
This is nighmarish because everywhere you write
will be horribly broken. Since undefined is now true, even if myVariable has not been defined the code within the if statement will not run.
This is possible becuase undefined is not a Javascript keyword, but a property of the global object. Don’t ask me why. Javascript has some odd bits.
The way to protect against this is to hack the way Javascript handles arguments. If a function is expecting three arguments, but only two are supplied, the value of the third will be undefined. Similarly, if the function is expecting one argument but recieves none then the argument will be undefined.
So, to ensure that undefined is always (erm) undefined, you can do this:
Easy peasy, right?!
Done and done
I hope these quick tips will help you write safer Javascript, and will help protect you from cowboy web developers who are redefining undefined.