  1. #1
    SitePoint Member
    Join Date: Jul 2009
    Location: Budapest, Hungary
    Posts: 7

    Beginner JavaScript project: problems in Chrome, use of eval(), detecting window size

    Hi,

    I have done some ugly hacking in JavaScript before but nothing serious. Now I have decided to learn the language properly, so yesterday I threw together a function plotter that you can see here: balazsbotond dot hu/plotter
    The script is here: balazsbotond dot hu/plotter/raphael-test.js

    I use Google Chrome as my primary browser. My script works perfectly in every other browser (IE6, IE8, FF, Opera, Safari), but there are some problems in Chrome. Some functions do not work at all (exp()), some do not always work (sin(x) works, x*sin(x) works sometimes, 0.7*x*sin(x) never works). Since I am new to JS and this seems to be a very subtle problem, I have no idea where to start.

    I have read that the use of eval() is not recommended because of performance and security reasons. Performance is not a problem here (eval is definitely better here than writing my own expression parser), but what about security? Did my use of eval introduce a security risk in my site (I find this quite unlikely because the whole thing runs on the client side but who knows...)?

    By the way, is there a way to detect if eval() was not successful?

    And finally, is there a reliable, cross-browser way of getting the client size of the window? I'm talking about the size without the title bar, toolbars, etc. My solution does not work in IE6 and IE8.

    Any help would be appreciated.
    Last edited by balazsbotond; Jul 21, 2009 at 04:09.

  2. #2
    paul_wilkins, Unobtrusively zen
    Join Date: Jan 2007
    Location: Christchurch, New Zealand
    Posts: 14,696

    1. Math.sin(x) is the correct manner.

    2. Eval, in terms of the Matrix movie, is equivalent to creating a new Matrix while you are already inside the Matrix.

    What on earth are you using Eval for? There are almost always better alternatives instead.

    3. The following resource will be of great use for you.
    http://www.quirksmode.org/dom/w3c_cssom.html
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  3. #3
    SitePoint Member
    Join Date: Jul 2009
    Location: Budapest, Hungary
    Posts: 7

    pmw57,

    Thank you for your reply. This quirksmode reference is extremely
    useful, I could easily solve the window size problem with it.

    If you were writing a calculator in JS where the user can enter
    formulas like (1-3)*2, press a button and see the result, would you
    use eval or would you write your own expression evaluator? Because
    that would really be like creating a new Matrix while already inside
    the Matrix. What I'm doing is essentially the same: the user enters a
    formula like x*x and the script draws a nice function graph of it (you
    can have a look at it at balazsbotond dot hu/plotter/). I think this
    is a perfectly valid way of using eval. My question is if there is
    any security risk if I use eval this way?

  4. #4
    paul_wilkins, Unobtrusively zen
    Join Date: Jan 2007
    Location: Christchurch, New Zealand
    Posts: 14,696

    Quote, originally posted by balazsbotond:
    I think this
    is a perfectly valid way of using eval. My question is if there is
    any security risk if I use eval this way?

    In the way that you are intending for it to be used I would say that there is little risk, but I am no expert on cross-site scripting.

  5. #5
    SitePoint Wizard
    Join Date: Jul 2008
    Posts: 5,757

    There are some slight chances of XSS issues, but the main thing is to make sure that a user cannot enter a formula and then link to the webpage and have the formula prepopulated.

    But, here's a pretty standard postfix evaluator.
    http://jsfromhell.com/classes/math-parser
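
    The alternative to eval() discussed in this thread, as an added example that is not part of any post and is not the linked jsfromhell parser: a small recursive-descent compiler that turns a formula in x into a function and throws a SyntaxError for anything outside its allowlist, so a formula prepopulated from a link cannot run arbitrary script. The names `FUNCS`, `tokenize` and `compileFormula` are hypothetical, and the accepted function list is an assumption.

```javascript
// Added example (not from the thread): allowlist-based formula compiler, no eval().
const FUNCS = new Map(["sin", "cos", "tan", "exp", "log", "sqrt", "abs"].map((n) => [n, Math[n]]));

function tokenize(src) {
  const re = /\s*(?:(\d+\.?\d*|\.\d+)|([a-z]+)|([-+*\/^()]))/iy;
  const text = src.trim(), out = [];
  while (re.lastIndex < text.length) {
    const pos = re.lastIndex, m = re.exec(text);
    if (!m) throw new SyntaxError("unexpected character at position " + pos);
    out.push(m[1] ? { num: parseFloat(m[1]) } : m[2] ? { name: m[2].toLowerCase() } : { op: m[3] });
  }
  return out;
}

function compileFormula(src) {
  const t = tokenize(src);
  let i = 0;
  const peek = () => (i < t.length ? t[i].op : undefined);
  const expect = (op) => { if (peek() !== op) throw new SyntaxError("expected " + op); i++; };
  const binary = (next, ops) => () => {       // one left-associative operator level
    let f = next();
    while (ops[peek()]) { const l = f, g = ops[t[i++].op], r = next(); f = (x) => g(l(x), r(x)); }
    return f;
  };
  function unary() {
    if (peek() === "-") { i++; const f = unary(); return (x) => -f(x); }
    const base = atom();
    if (peek() !== "^") return base;
    i++;
    const p = unary();                        // power is right-associative
    return (x) => Math.pow(base(x), p(x));
  }
  function atom() {
    const tok = t[i++];
    if (!tok) throw new SyntaxError("formula ended unexpectedly");
    if (tok.num !== undefined) return () => tok.num;
    if (tok.op === "(") { const f = expr(); expect(")"); return f; }
    if (tok.name === "x") return (x) => x;
    const fn = FUNCS.get(tok.name);           // Map lookup ignores keys like "constructor"
    if (!fn || peek() !== "(") throw new SyntaxError("not allowed here: " + (tok.name || tok.op));
    const arg = atom();                       // parses the parenthesised argument
    return (x) => fn(arg(x));
  }
  const term = binary(unary, { "*": (a, b) => a * b, "/": (a, b) => a / b });
  const expr = binary(term, { "+": (a, b) => a + b, "-": (a, b) => a - b });
  const f = expr();
  if (i < t.length) throw new SyntaxError("unexpected input after formula");
  return f;
}
```

    The formula is parsed once; the returned function can then be called for every x value the plotter samples.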

  6. #6
    felgall, Programming Since 1978
    Join Date: Sep 2005
    Location: Sydney, NSW, Australia
    Posts: 16,800

    Quote, originally posted by balazsbotond:
    And finally, is there a reliable, cross-browser way of getting the client size of the window? I'm talking about the size without the title bar, toolbars, etc. My solution does not work in IE6 and IE8.

    Use these functions for the width and height of the browser viewport.

    Code:
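    // Viewport size: window.innerWidth/innerHeight where supported, otherwise
    // documentElement (IE in standards mode) or body (IE in quirks mode).
    function vpWidth() {return window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth;}
    function vpHeight() {return window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight;}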
    Stephen J Chapman


