However, the article author didn't really explain why strict mode is interesting. One of the core requirements of ECMAScript 3.1 (now 5) was to make the language more secure.
For example, in strict mode you can't declare new variables which are eval'd. This makes it harder to XSS. As does the reservation of eval (so it can't be overridden) and the denial of access to the global object.
This is really important because using strict will not only make your JavaScript better (more like "The Good Parts") but also more performant (less global scope) and more secure.
Does anyone know what the browsers' plans are for implementing this? Hopefully the next major version of Chrome, FF, and IE have it (properly) implemented. Until then, it is hard to get excited as it will likely be quite a while before it's ubiquitous.
In summary, some Mozilla JS extensions from Firefox 3.0 have been adopted into ECMAScript. Some ECMAScript 5 APIs have been added to Firefox 3.5, but not all of them. All the browser vendors have put a lot of effort into ECMAScript 5, so I'd expect they're willing to actually implement it, too.
Ok, can anyone smarter than myself tell me if I'm justified in getting a little bit excited about the 'freeze' function on objects that makes properties read only? My first thought is that it sounds like a perfect first line of defence in terms of being able to get trustworthy data back from the client bundled up in a frozen object.
I'm a little unclear about what you're proposing but, at first interpretation, I don't think so ... What exactly are you suggesting you should use 'freeze' to do?
As a rule of thumb, you can never trust anything the client sends you - just assume he's a skilled hacker who is manually manipulating bits to do what he wants.
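An added example, not part of the original thread: it runs the strict-mode behaviours named in the first comment (eval-declared variables, the reserved `eval` name, no global object as `this`) side by side in sloppy and strict code, then shows what happens to a frozen object once it is serialised for transport, as discussed in the `freeze` exchange. The names `probe`, `roundTrip` and `CATALOG` are hypothetical, and the altered payload is constructed for the demonstration.

```javascript
// Added example. Each probe is compiled with Function(), so its mode depends
// only on the "use strict" prologue and not on the file that hosts it.
function probe(body) {
  const run = (prologue) => {
    try {
      return new Function(prologue + body)();
    } catch (e) {
      return e.name; // SyntaxError at compile time, TypeError at run time
    }
  };
  return { sloppy: run(""), strict: run('"use strict";\n') };
}

// Variables declared by eval'd code leak into the caller only in sloppy mode.
const evalLeak = probe('eval("var injected = 1"); return typeof injected;');

// eval is a reserved binding name in strict code, so it cannot be shadowed.
const evalShadow = probe("var eval = 1; return typeof eval;");

// A plain function call no longer receives the global object as `this`.
const plainThis = probe("return (function () { return typeof this; })();");

// Writing to a frozen object is silently ignored in sloppy code, an error in strict.
const frozenWrite = probe("var o = Object.freeze({ a: 1 }); o.a = 2; return o.a;");

// freeze is a property of one object in one running program. Serialising the
// object for transport produces plain text that carries no such guarantee.
const CATALOG = { book: 10 }; // hypothetical server-side price list

function roundTrip() {
  const order = Object.freeze({ item: "book", price: 10 });
  const wire = JSON.stringify(order); // what actually leaves the client
  const altered = wire.replace('"price":10', '"price":0'); // constructed: bytes changed in transit
  const received = JSON.parse(altered);
  // The receiver ignores the client-supplied price and looks up its own.
  const known = Object.prototype.hasOwnProperty.call(CATALOG, received.item);
  return {
    receivedFrozen: Object.isFrozen(received),
    clientPrice: received.price,
    serverPrice: known ? CATALOG[received.item] : null,
  };
}

console.log({ evalLeak, evalShadow, plainThis, frozenWrite }, roundTrip());
```

The receiving side only ever sees the text in `wire`, so the value it can rely on is the one it looks up itself.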