implied eval

A

Andrew Poulos

With this line

setTimeout( "gotoNewPage(feedback)" , 1000);

jslint tells me that

"Implied eval is evil. Pass a function instead of a string".

Does that mean I should do something like this:

setTimeout( function() { gotoNewPage(feedback); } , 1000);

to get the same resulting action in the code?

Andrew Poulos
 
T

Thomas 'PointedEars' Lahn

Andrew said:
With this line

setTimeout( "gotoNewPage(feedback)" , 1000);

jslint tells me that

"Implied eval is evil. Pass a function instead of a string".

Ignore that. Apparently Douglas Crockford assumes that the string is passed
to eval(), for which there is no basis. He may be well-versed in the
language standard and its implementations, but from what I have seen so far,
his DOM knowledge leaves a lot to be desired.

In fact, jslint is a *JavaScript* Verifier; it should stick to language
features and not support wild guesses about how DOM implementations might work.
Does that mean I should do something like this:

setTimeout( function() { gotoNewPage(feedback); } , 1000);

to get the same resulting action in the code?

No, your code is fine and even more compatible than the alternative. It can
also be debugged just as well (at least in Firebug).

You should use window.setTimeout(), though, to make clear you want to call a
method of Window objects, not of just another object in the scope chain.


PointedEars
 
J

JR

Hi,
If gotoNewPage() performed a loop then it should be preferable using
the function() { } option because you might need a closure to get the
correct value for each loop step. Anyway, the example you've supplied
will only work if feedback is a global variable, otherwise you should
write:

setTimeout( "gotoNewPage(" +feedback +")" , 1000 );

João Rodrigues
 
T

Trevor Lawrence

Andrew Poulos said:
With this line

setTimeout( "gotoNewPage(feedback)" , 1000);

jslint tells me that

"Implied eval is evil. Pass a function instead of a string".

Does that mean I should do something like this:

setTimeout( function() { gotoNewPage(feedback); } , 1000);

to get the same resulting action in the code?


Interesting . Exactly the same thing happened to me .

What JSLint is saying is that you should use:
setTimeout( gotoNewPage , 1000);
i.e. the function name is used unquoted

http://www.w3schools.com/htmldom/met_win_settimeout.asp says
Definition and Usage
The setTimeout() method is used to call a function or evaluate an expression
after a specified number of milliseconds.

Syntax
setTimeout(code,millisec,lang)

Parameter Description
code Required. A pointer to a function or the code to be executed
millisec Required. The number of milliseconds to wait before executing
the code
lang Optional. The scripting language: JScript | VBScript | JavaScript


So when the parameter 'code' contains a quoted string, it is evaluated. In
some of my reading on the topic, it seems that using a pointer is *now* the
correct way to use setTimeout but using quoted code is still accepted for
backwards compatibility.

Of course, using the pointer has the problem that the value of feedback is
not passed to the function as a parameter. The solution appears to be to set
the value into a global before setTimeout is used.
 
R

RobG

Interesting . Exactly the same thing happened to me .

What JSLint is saying is that you should use:
setTimeout( gotoNewPage , 1000);
i.e. the function name is used unquoted

http://www.w3schools.com/htmldom/met_win_settimeout.aspsays

While w3schools is a useful site, it shouldn't be referenced when much
better authorities exist. As setTimeout is a DOM 0 feature, both
Mozilla and MS developer pages should be referenced as their
specification of this feature differs.

Definition and Usage
The setTimeout() method is used to call a function or evaluate an expression
after a specified number of milliseconds.

Syntax
setTimeout(code,millisec,lang)

compare with:

Mozilla DOM refernce:
<URL: https://developer.mozilla.org/En/DOM/Window.setTimeout >

MSDN DHTML reference:
Parameter Description
code Required. A pointer to a function or the code to be executed
millisec Required. The number of milliseconds to wait before executing
the code
lang Optional. The scripting language: JScript | VBScript | JavaScript

Different browsers will treat 3rd and subsequent arguments
differently, do not use them unless a specific browser is being
targetted (a bad idea on the web but perhaps necessary in special
cases). The 3rd is used by IE to specify the code language whereas in
other browsers, if the first argument is a function reference, extra
arguments after the delay (here called "millisec") are passed as
arguments to that function (see link to Mozilla DOM reference above).

So when the parameter 'code' contains a quoted string, it is evaluated. In
some of my reading on the topic, it seems that using a pointer is *now* the
correct way to use setTimeout but using quoted code is still accepted for
backwards compatibility.

See the compatability section of the Mozilla DOM reference above.

Of course, using the pointer

Pointer? Too much c/c++ methinks. :) Javascript has function
references.

has the problem that the value of feedback is
not passed to the function as a parameter. The solution appears to be to set
the value into a global before setTimeout is used.

Or use a closure, the called function should probably be defensive and
expect to be called with inappropriate values.
 
T

Trevor Lawrence

RobG said:
While w3schools is a useful site, it shouldn't be referenced when much
better authorities exist. As setTimeout is a DOM 0 feature, both
Mozilla and MS developer pages should be referenced as their
specification of this feature differs.



compare with:

Mozilla DOM refernce:
<URL: https://developer.mozilla.org/En/DOM/Window.setTimeout >

MSDN DHTML reference:


Different browsers will treat 3rd and subsequent arguments
differently, do not use them unless a specific browser is being
targetted (a bad idea on the web but perhaps necessary in special
cases). The 3rd is used by IE to specify the code language whereas in
other browsers, if the first argument is a function reference, extra
arguments after the delay (here called "millisec") are passed as
arguments to that function (see link to Mozilla DOM reference above).



See the compatability section of the Mozilla DOM reference above.



Pointer? Too much c/c++ methinks. :) Javascript has function
references.



Or use a closure, the called function should probably be defensive and
expect to be called with inappropriate values.


--


Well, I understood most of that.

I had been told on NGs (possibly this one) that 'pointer' is the incorrect
word to use and that 'function reference' is preferred.

However, W3Schools uses the word pointer, so I did so also. I do not have
much experience in C/C++. I have dabbled a bit, but never really used it
much, so I doubt that this influenced my choice of word.

The para. that I baulked on was:
Or use a closure, the called function should probably be defensive and
expect to be called with inappropriate values.

Can you/would you please explain. While the sentence is (more or less)
grammatical, I don't understand what 'closure' and 'defensive' mean in this
context. I certainly don't understand why a function should 'be called with
inappropriate values'.

Thank you
 
T

Thomas 'PointedEars' Lahn

JR said:
If gotoNewPage() performed a loop then it should be preferable using
the function() { } option because you might need a closure to get the
correct value for each loop step.

On the other hand, the string value might have been chosen to avoid a
closure with a host object, which is known to leak memory in MSHTML-based
browsers.
Anyway, the example you've supplied will only work if feedback is a
global variable, otherwise you should write:

setTimeout( "gotoNewPage(" +feedback +")" , 1000 );

Provided that the string representation of `feedback' is feasible as
function argument.


PointedEars
 
E

Erwin Moller

Trevor Lawrence schreef:


The para. that I baulked on was:

Can you/would you please explain. While the sentence is (more or less)
grammatical, I don't understand what 'closure' and 'defensive' mean in this
context. I certainly don't understand why a function should 'be called with
inappropriate values'.

Thank you

Hi,

closures: here is an introduction:
http://www.jibbering.com/faq/faq_notes/closures.html

About 'calling a function with inappropriate values' and being
'defensive', that is quite straightforward.
eg:

function test(myBorder,myDiv){
myDiv.style.border=myBorder;
}

The above function sets a border of some div.
So it expects to be called with a border (CSS) definition string, and a
reference to some div.
The above function takes the arguments without checking they hold
sensible values. That is NOT defensive. ;-)

Regards,
Erwin Moller


--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
 
R

RobG

Pointer?  Too much c/c++ methinks. :)  Javascript has function
references.
[...]

I had been told on NGs (possibly this one) that 'pointer' is the incorrect
word to use and that 'function reference' is preferred.

However, W3Schools uses the word pointer, so I did so also. I do not have
much experience in C/C++. I have dabbled a bit, but never really used it
much, so I doubt that this influenced my choice of word.

Fine, it indicates the quality of advice at w3schools.

The para. that I baulked on was:


Can you/would you please explain. While the sentence is (more or less)
grammatical, I don't understand what 'closure' and 'defensive' mean in this
context.

A closure can be used to pass a value to setTimeout, e.g.:

function foo(param) {
setTimeout( function() {
bar(param);
}, 500);
}

function bar(x) {
alert(x);
}

foo('hi');


The "implied eval" version is:

function foo(param) {

// Note the extra quotes
setTimeout('bar("' + param + '")', 500);
}

which, as Thomas pointed out, is compatible with older browsers but I
don't think there are too many web surfers out there running browsers
that old. But hey, if you want to help them out then good for you. :)

I certainly don't understand why a function should 'be called with
inappropriate values'.

They shouldn't but might be. When using setTimeout or concepts that
are more than basic javascript, it is good to ensure that if a
function is called with an inappropriate value the result is something
that is easy to track down rather than mysteriously doing the wrong
thing in very particular circumstances.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top