JScript syntax verifier? - javascript

I'm new to JScript coming from a C++ world.
I'm quite surprised that expressions are evaluated at run-time. What I mean is if I added a function and didn't provide its definition, the program would "crash" (in the debugger) when I run it.
It's also funny how I can just type gibberish anywhere and only at run-time the debugger would complain.
But the "live" page wouldn't!
Is there any JScript add-on tool that checks its syntax while we type? I'm currently using Aptana Studio.
Or is the debug button equivalent to compiling in the web world? But then what if you had million lines of code and some little function was not defined or misspelled? That's a scary thought to me. =S

JSLint is considered by many to be the best syntax checker. I don't know that there is an add-in for your particular situation, but you should be able to add it to your build process pretty easily.
Update: Apparently there are some established techniques for integrating it with Aptana.

Welcome to the world of scripting!

Related

mac os x python/JavaScript IDE where I can use break points

I looking for python/JavaScript IDE where I can put breakpoints. Currently I'm using coderunner but I can not put break points. I'll really appreciate you recommendations
I'm not an expert on Python, but I do work as a web developer and use JavaScript regularly. For that side of things, probably the easiest way is to use Chrome/Firefox debugger tools. You can do this manually by finding the line of code in the console and clicking (F12->Sources tab->Content scripts->desired script), or using the 'debugger' statement to toggle debug mode (F12->Console tab->type 'debugger' then return) and step through to what you need.
Additionally, if you're looking for an actual IDE, the only thing I've found online is the following. Here's the relevant part of that article. I've never used it (and probably never will), but there it is all the same.
Webstorm by IDEA supports setting breakpoints in the IDE. This requires launching the JavaScript debugger from IDEA. It must be configured in advance so it understands how to map JavaScript on the development server to JavaScript files in your environment. IDEA will automatically install a Chrome or Firefox plug-in to facilitate. This is pretty new technology and can be touchy.
I use PyCharm. It's a heavyweight IDE, so expect more features than you probably want if you're just getting started. It has a very good integrated debugger. You'll be able to break into both your Python and Javascript. Further, you'll see a pretty nice productivity jump with all the editing support like auto complete and intellisense. My advice is to stick with print() and logging as long as you can. For me getting a firm grasp of packages, python environments, virtualenv, command line tricks and git all before committing to the PyCharm IDE helped me adopt it with more confidence I was getting the value of all the integration.

What's the best tool for Javascript security auditing?

Something that can at least scan a batch of .js files looking for eval statements and other questionable code. Maybe just a regex pattern would do it, but I'd like to find a more sophisticated (and regularly maintained) tool.
old topic but new tool :
ScanJS, developed by mozilla in order to check the Firefox OS security.
https://github.com/mozilla/scanjs
Have you tried Douglas Crockford's JSLint? Although it doesn't scan your code for security problems, however, it does alert you on "eval" statements. OTOH, Predrag Tomasevic has wrote a JavaScript Verifier based on JSLint that can be integrated with Visual Studio (read more on this here).
I'm not aware of any Open Source tools that conduct static analysis of JavaScript.
Grepping for eval() likely isn't going to help for anything other than very simple, very obvious mistakes. It'll be even more difficult to analyze if the script has been minified or obfuscated because you'll be hard-pressed to determine if the argument is being used safely or not.
There are plenty of security problems in JavaScript that rely on the interaction with the DOM. Grepping for eval() might work, but it'll miss other execution points like hrefs or event handlers that might be attacked, e.g. href=javascript:xss or onFoo=xss. You really need a tool that deals with JavaScript and the DOM, not just a JavaScript console.
IBM/Watchfire recently released a paper about a JavaScript analyzer they've created. The paper provides details on results rather than implementation. A commercial tool might not be the way you want to go, but the paper should help shed more light on the challenges of doing this well.
This tool from Facebook seems promising.
https://github.com/facebook/jsgrep

Javascript obfuscation and extreme situation in production solving

I have a few questions regarding JavaScript obfuscation on client side.
First question:
What is the best tool or best three tools which ones you could suggest for this operation?
Second question:
How developers should debug such code (in example with firebug) when extreme situation appears in the production if the code is obfuscated?
P.S. - I know that it's bad practice to debug in production, but we had some emergencies and experienced sometimes such situations.
Thanks for any help!
1) closure compiler with advanced optimizations
2) First double their pay, then show them jsbeautifier.org
If you are looking for obfuscation I would say JScrambler. They also have a comparison table on the site that lists other well known javascript obfuscators.
For debugging you could use something like SpiderMonkey or Rhino. Firebug is very good to retrive the decoded source code when encoding is applied.
I think IE8 javascript debugger (under the developer tools) actually re-indent/re-format your code so its readable again.
Not sure if this feature has been added to Firebug, haven't used it lately, but I really wanted this feature a while ago.
Our SD ECMAScript Obfuscator retains a map of how it obfuscated your code. If you do client-side, obfuscated-code debugging, that map will tell which symbol in the original source is it actually referencing.
If you want to debug "nicely formatted" obfuscated code, you can get that from the ECMAScript Obfuscator, by first obfuscating (getting code with all layout lost), and then running back through the obfuscator to prettyprint it (it has this option).
A third option is to generate the obfuscated code in "debugging" mode. The obfsucated result is identifcal to what the production obfuscation is, except that each scrambled variable is named "XXX". This makes understanding the code being debugged just as easy as the original, while validating that the obfuscation renaming is correct. After you've done your debugging, you simply re-obfuscate in production mode.

Is there a good javascript plugin for visual studio?

I think that Visual Studio's biggest let down is the Javascript editor. I have been told to use Aptana as an editor for my javascript files, but I would prefer to stick with visual studio if possible.
I have read other similar plugin posts, but none focus specifically on Javascript.
VS2010 may offer some improvements, but will they be up to Apatana standards? I have briefly tested the beta, but I'm not overly impressed.
Is there anything out there that will bring Javascript closer to c# development? Considering the wide spread use of Javascript I think there must be something....... I hope! :)
Many thanks in advance... this is something that has always bugged me!
There's a couple recent plugins that may be helpful :
From Microsoft :
JScript Editor Extensions
Brace Matching
Outlining / Cold-folding
Current Word Highlighting
IntelliSense Doc-Comments Support
JSEnhancements
Outlining and matching braces highlighting
(I wouldn't think installing both of these is a good idea - and the Microsoft plugin has more features so try that one first)
VS is a pretty good IDE (especially when coupled with Resharper) but not so hot with Javascript. The debugger is good and there's the JSLint plugin but other than that I'm not sure. Aptana (based on Eclipse) is an excellent javascript IDE but it doesn't like it much when the javascript is embedded in aspx files (unless they updated the support recently). So far I'm not sure there's an ideal .net platform IDE for both client and server side stuff just yet.
Update: Resharper 6 added pretty good JavaScript support - so now I'd recommend that combination if you're doing a lot of debugging across client and server at the same time. If you're focussing on pure client code then I find WebStorm to be an excellent JavaScript/HTML IDE - even better than Aptana.
I'd really like to recommend Webstorm. It does not! treat your JS as text files.
Its a full blown JS editor and has become my favourite JS editor working in parallel with VS to handle my server side stuff.
WS has actual object intellisense across JS files. That means when I press . (dot) it shows me the functions on that objects, even if its located physically in another file.
It will recognize my objects (or their type if you will) created in other JS files referred to in the file I'm working on.
I have 'Find usages' on JS functions
I have 'find all references' on JS object / function / class / variable or whatever you want to search on. In the end its all objects but Webstorm knows this.
If I change the short/cut to F12, I can press F12 on my function call and it will jump to the implementation of that JS functon. Even if its located in another file.
Ofc. you have code folding and colouring, extract method and other neat code re factoring, overview creating tools.
Oh. And by the way.
I'd like to kill off a rumour going around in the cloud on forums I come across from time to time, looking for better ways to handle JS.
reSharper DO NOT SUPPORT JAVASCRIPT! A little piece of me dies every time I read some guy repeating what he saw on the reSharper site. It may have a some poor intellisense and some low level syntax check, but that has nothing to do with support.
Notepad++ supports JS better than VS in my opinion.
Münster
Don't forget to grab Chirpy to handle minifying your scripts in VS.
If you use Visual Studio, add the
/// <reference path="myOtherJsFile.js" />
directive at top of your js files and install Web Essentials you get pretty decent (but not perfect) intellisense, go to definition by using F12 and find all references (sort of..) by using SHIFT+F12

What would be a good browser-independent JavaScript programming environment?

My team's current project involves re-writing retrieval libraries in JavaScript. We are basically looking for a setup which enables us to apply test-driven development methods.
So far we plan to use Vim to write the code, no fancy IDE. For generating output we would use Spidermonkey's shell environment. JSLint could serve as a moderate syntax checking tool.
The essential question remains: How do you develop JavaScript (browser-independent) programs?
If we are already on the right track, then maybe you can supply us with a few tips and tricks.
You can test your code in Spidermonkey or Rhino (an older JS interpreter in Java), but you won't really know which browsers it works in until you test your scripts in them!
I agree with the earlier poster, using a browser-independent library like jQuery is probably a good idea.
I have not used Spidermonkey, but I know Rhino has a good debugging GUI, allowing the usual: setting breakpoints, watches, and stepping through code.
Only testing you'll make your JavaScript code browser-independent.
If you have the chance to rewrite it all, you might consider jQuery.
It's essentially browser agnostic. Or at least it requires much less object sniffing than plain javascript.
Yes,I'm using the same environment to develop standalone JS apps (vim + SpiderMonkey). I only would add up, that I've made small in-browser IDE for reading/writing/launching JS scripts on the server-side. Sometimes it's very helpful. Also, I'm looking for using WXJavascript project, which seems to be very promising.

Categories

Resources