|Paradigm||Multi-paradigm: prototype-based, functional, imperative, scripting|
|Designed by||Brendan Eich|
|Developer||Netscape Communications Corporation, Mozilla Foundation|
|Latest release||1.8.1/ 2009|
|Typing discipline||dynamic, weak, duck|
|Dialects||JScript, JScript .NET|
|Influenced by||Self, C, Scheme, Perl, Python, Java|
- 1 History and naming
- 2 Features
- 3 Syntax and semantics
- 4 Use in web pages
- 5 Uses outside web pages
- 6 Debugging
- 7 Versions
- 8 Related languages
- 9 See also
- 10 References
- 11 Notes
- 12 External links
History and naming
The following features are common to all conforming ECMAScript implementations, unless explicitly specified otherwise.
Imperative and structured
- dynamic typing
- As in most scripting languages, types are associated with values, not variables. For example, a variable
- object based
obj.x = 10and
obj["x"] = 10are equivalent, the dot notation being syntactic sugar. Properties and their values can be added, changed, or deleted at run-time. Most properties of an object (and those on its prototype inheritance chain) can be enumerated using a
- run-time evaluation
- first-class functions
- Functions are first-class; they are objects themselves. As such, they have properties and can be passed around and interacted with like any other object.
- inner functions and closures
- functions as object constructors
- Functions double as object constructors along with their typical role. Prefixing a function call with
newcreates a new object and calls that function with its local
thiskeyword bound to that object for that invocation. The constructor's
Array, also have prototypes that can be modified.
- functions as methods
- Unlike many object-oriented languages, there is no distinction between a function definition and a method definition. Rather, the distinction occurs during function calling; a function can be called as a method. When a function is called as a method of an object, the function's local
thiskeyword is bound to that object for that invocation.
- run-time environment
- variadic functions
- An indefinite number of parameters can be passed to a function. The function can access them through formal parameters and also through the local
- array and object literals
- Like many scripting languages, arrays and objects (associative arrays in other languages) can each be created with a succinct shortcut syntax. In fact, these literals form the basis of the JSON data format.
- regular expressions
- property getter and setter functions
- iterator protocol adopted from Python
- shallow generators/coroutines also adopted from Python
- array comprehensions and generator expressions also adopted from Python
- proper block scope via new
- array and object destructuring (limited form of pattern matching)
- concise function expressions (
Syntax and semantics
The output is:
LCMCalculator: a = 28, b = 56, gcd = 28, lcm = 56 LCMCalculator: a = 21, b = 56, gcd = 7, lcm = 168 LCMCalculator: a = 25, b = 55, gcd = 5, lcm = 275 LCMCalculator: a = 22, b = 58, gcd = 2, lcm = 638
Use in web pages
- Opening or popping up a new window with programmatic control over the size, position, and attributes of the new window (i.e. whether the menus, toolbars, etc. are visible).
- Validation of web form input values to make sure that they will be accepted before they are submitted to the server.
- Changing images as the mouse cursor moves over them: This effect is often used to draw the user's attention to important links displayed as graphical elements.
Furthermore, scripts will not work for all users. For example, a user may:
- use an old or rare browser with incomplete or unusual DOM support,
- or be visually or otherwise disabled and use a speech browser
XSS vulnerabilities can also occur because of implementation mistakes by browser authors.
Another cross-site vulnerability is cross-site request forgery or CSRF. In CSRF, code on an attacker's site tricks the victim's browser into taking actions the user didn't intend at a target site (like transferring money at a bank). It works because, if the target site relies only on cookies to authenticate requests, then requests initiated by code on the attacker's site will carry the same legitimate login credentials as requests initiated by the user. In general, the solution to CSRF is to require an authentication value in a hidden form field, and not only in the cookies, to authenticate any request that might have lasting effects. Checking the HTTP Referrer header can also help.
Misplaced trust in the client
Browser and plugin coding errors
In Windows Vista, Microsoft has attempted to contain the risks of bugs such as buffer overflows by running the Internet Explorer process with limited privileges. Google Chrome similarly limits page renderers to an operating-system-enforced "sandbox."
Sandbox implementation errors
Uses outside web pages
- ActionScript, the programming language used in Adobe Flash, is another implementation of the ECMAScript standard.
- The Java programming language, in version SE 6 (JDK 1.6), introduced the
- The Qt C++ toolkit includes a
MacOSobject for interaction with the operating system and third-party applications.
- ECMAScript was included in the VRML97 standard for scripting nodes of VRML scene description files.
Script debuggers are available for Internet Explorer, Firefox, Safari, Google Chrome, and Opera.
Opera includes a richer set of tools called DragonFly.
|Version||Release date||Equivalent to|| Netscape
|1.3||October 1998||ECMA-262 1st edition / ECMA-262 2nd edition||4.06-4.7x||4.0|
|1.5||November 2000||ECMA-262 3rd edition||6.0||1.0|| 5.5 (JScript 5.5),
6 (JScript 5.6),
7 (JScript 5.7),
8 (JScript 6)
|1.6||November 2005||1.5 + Array extras + Array and String generics + E4X||1.5||3.0, 3.1|
|1.7||October 2006||1.6 + Pythonic generators + Iterators + let||2.0||3.2, 4.0||1.0|
|1.8||June 2008||1.7 + Generator expressions + Expression closures||3.0|
|1.8.1||1.8 + Minor Updates||3.5|
|1.9||1.8.1 + ECMAScript 5 Compliance||4|
- "Brendan's Roadmap Updates: Popularity". Weblogs.mozillazine.org. http://weblogs.mozillazine.org/roadmap/archives/2008/04/popularity.html. Retrieved 2009-05-19.
- "Programming languages used on the Internet and the World Wide Web (WWW)". Webdevelopersnotes.com. http://www.webdevelopersnotes.com/basics/languages_on_the_internet.php3. Retrieved 2009-05-19.
- "ECMAScript Language Overview" (PDF). 2007-10-23. pp. 4. http://www.ecmascript.org/es4/spec/overview.pdf. Retrieved 2009-05-03.
- "Sun Trademarks". Sun Microsystems. http://www.sun.com/suntrademarks/. Retrieved 2007-11-08.
- Microsoft JScript Features - Non-ECMA
- "Netscape Press Release". Cgi.netscape.com. http://cgi.netscape.com/newsref/pr/newsrelease289.html. Retrieved 2009-05-19.
- Peter-Paul Koch, Object detection
- Peter-Paul Koch, Mission Impossible - mouse position
- Peter-Paul Koch, Browser detect
- MozillaZine, Mozilla Cross-Site Scripting Vulnerability Reported and Fixed
- Right-click “protection”? Forget about it. 2008-06-17. ISSN 1797-1993. http://blog.anta.net/2008/06/17/right-click-%e2%80%9cprotection%e2%80%9d-forget-about-it/. Retrieved 2008-06-17.
- Mozilla Corporation, Buffer overflow in crypto.signText()
- Paul Festa, CNet, Buffer-overflow bug in IE
- SecurityFocus, Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability
- Fusion Authority, Macromedia Flash ActiveX Buffer Overflow
- Mike Friedman, Protected Mode in Vista IE7
- US CERT, Vulnerability Note VU#713878: Microsoft Internet Explorer does not properly validate source of redirected frame
- Mozilla Foundation, Mozilla Foundation Security Advisory 2005-41: Privilege escalation via DOM property overrides
- Microsoft Corporation, Changes to Functionality in Microsoft Windows XP Service Pack 2: Part 5: Enhanced Browsing Security
- "javax.script release notes". Java.sun.com. http://java.sun.com/javase/6/webnotes/index.html#scripting. Retrieved 2009-05-19.
- Flanagan 5th Edition, Pp 214 et seq
- Trolltech ASA, QtScript Module
- Koninklijke Philips Electronics NV
- JScript development in Microsoft Office 11 (MS InfoPath 2003)
- "Introducing Drosera - Surfin' Safari". Webkit.org. 2006-06-28. http://webkit.org/blog/61/introducing-drosera/. Retrieved 2009-05-19.
- McFarlane, Nigel (2003). Rapid Application Development with Mozilla. Prentice Hall Professional Technical References. ISBN 0-13-142343-6.
|Wikibooks has a book on the topic of|
- Mozilla Developer Center