是“使用严格”实时网站安全吗? [英] Is "use strict" Safe for Live Sites?
问题描述
使用严格;看起来很棒,我们真的很想在我们的商店使用它。但是,我们只是想要它,以便我们(开发人员)可以找到严格性问题;我们非常想在以前工作正常的时候让我们的网站为我们的网站打破。
"use strict"; seems awesome, and we'd really like to use it at our shop. However, we just want it so that we (the developers) can find strictness-issues; we very much DO NOT want to make our site break for our actual customers when it was working fine before.
现在,我们可以使用一些服务器端逻辑来实现这个:
Now, we could just use some server-side logic to achieve this:
{% if debug %}<script>"use strict";</script>{% endif %}
...除了use strict在逐个文件的基础上运行,所以这实际上不会起作用(好吧,除非我们开始服务器端处理我们所有的JS文件)。
... except that "use strict" operates on a file-by-file basis, so that won't actually work (well, unless we start server-side processing all of our JS files).
所以,我的问题是:做所有的当页面加载时,使用严格检查是否可以检查,或者加载严格是否可以在页面加载后查找错误?如果是前者,我们可以使用use strict和不要担心,因为我们会在开发之前将我们的网站加载到开发中。但是,如果是后者,我们似乎运气不好,因为我们无法测试每个可能的运行时条件(同样,我们不希望在之前没有错误时为我们的用户制造错误)。
So, my question is: do all the things "use strict" checks for get checked when the page loads, or is it possible for "use strict" to find errors after the page has loaded? If it's the former, we can just use "use strict" and stop worrying, because we'll load our site in development before loading it on live. However, if it's the latter we seem to be out of luck, as we can't test every possible runtime condition (and again, we don't want to make errors for our users when there were no errors before).
推荐答案
这是后者。在严格模式中,Javascript解释器可能会在运行时抛出错误消息,这些错误消息不会在非严格模式下抛出。
It's the latter. While beeing in strict mode, an Javascript interpreter may throw error messages at runtime, which would not get thrown in non-strict mode.
另一方面,大多数错误都是错误,这意味着,它们实际上有助于不破坏您的代码。
On the other hand, most of these errors are "good errors", which means, they will actually help not breaking your code.
例如
function foo() {
"use strict";
bar = true;
}
foo();
这将抛出
"ReferenceError: assignment to undeclared variable bar"
在严格模式下,这是一个好的东西。在非严格模式下,我们只会创建一个名为 bar 的全局变量,这可能不是我们想要的。还有很多其他情况,严格模式会阻止程序员做一些愚蠢/错误/不需要的事情并抛出错误消息。但同样,你想要有这些错误而不是一些奇怪的错误。
in strict mode, which is a good thing. In non strict mode, we would just have created a global variable called bar, which is probably not what we wanted. There are plenty of other situations where strict mode prevents the programmer from doing something stupid/bad/unwanted and throws error messages. But again, you want to have those errors instead of some wierd bugs.
进一步阅读MDN
这篇关于是“使用严格”实时网站安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
