#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2010
    Posts
    30
    Rep Power
    4

    Question [jshint] "document.write can be a form of eval."


    Hello

    I'm learning JavaScript by reading "The Definitive Guide".

    I saw JSHint and JSLint recommended to catch syntax errors, but I don't understand why they don't like this code:

    Code:
    var s = "hello world!"; // A string
    var word = s.substring(s.indexOf(" ") + 1, s.length); // Use string properties
    document.write(word);
    Here's the report:
    Line 3: document.write(word);
    document.write can be a form of eval.
    Why is document.write() wrong, and what else should I use to simply output something to the browser?

    Thank you.
  2. #2
  3. JavaScript is not spelt java
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2011
    Location
    Landan, England
    Posts
    743
    Rep Power
    165
    document.write() should no longer be used as it is possible for a script or command to be embedded in it, which will be interpreted by the browser.

    Instead, wait for the page to finish loading, and use code such as the following:

    document.getElementById('someid').innerHTML = "Some text";
    "The mysql extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used." the docs
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2010
    Posts
    30
    Rep Power
    4
    Thanks for the tip.
  6. #4
  7. JavaScript is not spelt java
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2011
    Location
    Landan, England
    Posts
    743
    Rep Power
    165
    There is also JavaScript Lint which is somewhat simpler than JSLint in particular. JSLint is overly prescriptive.
    "The mysql extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used." the docs

IMN logo majestic logo threadwatch logo seochat tools logo