[whatwg] Script-related feedback

Ian Hickson ian at hixie.ch
Wed Jan 9 12:32:49 PST 2013


On Wed, 9 Jan 2013, Adam Barth wrote:
> 
> Working through some examples, that seems really strange:
> 
> foo();
> breakParsing();
> bar();
> 
> In this case, breakParsing() works a bit like "yield()" in other
> programming languages: first foo() executes, then the event loop
> spins, then bar() executes.  However, if we wrap the code in an
> anonymous function block (as would make sense for JavaScript):
> 
> (function() {
>   foo();
>   breakParsing();
>   bar();
> })();
> 
> Now I get either get a parse error, if breakParsing() actually breaks up 
> the parsing, or breakParsing() does nothing, both of which are 
> surprising.

That's why I originally proposed it as a pragma comment (which I'm pretty 
sure would be just as safe, because anything that stops someone from 
escaping a string injection in any way will stop both identifiers and 
comments, and it seems highly unlike that someone would go out of their 
way to let you escape a string literal and be allowed to inject a comment 
but not be allowed to inject a division or method call or whatnot).


> Worse, other seemingly trivial syntactic transformation also break the 
> magic:
> 
> foo();
> breakParsing.call();
> bar();
> 
> Now the JavaScript parse won't recognize the magic "breakParsing();" 
> production, and my script executes slowly.

So let's not use something that looks like a method call -- I agree that 
isn't ergonomically or aesthetically pleasing.

/*@BREAK*/


> I guess I don't understand the advantage of trying to cram this into 
> JavaScript syntax.

Advantages of putting this in JS over multipart:

 - it's backwards-compatible
 - it's easier to parse a static barrier than a multipart/*'s wacky 
   syntax.
 - it doesn't impact any of the current fetching logic, since it's 
   still just one resource instead of introducing a layer in between 
   <script>'s logic and the JS logic.
 - it automatically works anywhere you can use JS, not just where HTTP is 
   involved.
 - it can be shimmed more easily (if you trust the JS not to have 
   arbitrary injection and be written with the shim in mind, especially).
 - it doesn't run into weird problems like what if a part has the wrong 
   MIME type.
 - it's way easier to deploy (authors hate having to set MIME types).
 - it doesn't run into the problem that all UAs have historically ignored 
   the MIME type of script.


> HTTP already has an efficient mechanism for delivering several 
> JavaScript programs in sequence: multipart.

"Efficient" isn't the word I would have used.


> Given that <img> and <iframe> already support multipart, it seems much 
> simpler just to make <script> support multipart as well.

Given how much pain multipart was to handle in <img> and <iframe>, 
avoiding it like the plague seems like the more appropriate lesson. :-)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list