English subtitles

← 06-12 Javascript Output Solution

Get Embed Code
3 Languages

Showing Revision 1 created 06/10/2012 by Amara Bot.

  1. Well, let's go through them together.
  2. We could rename "javascript output" to anything as long as we're consistent.
  3. This is very tempting.
  4. Why don't I change this ugly space to an underscore.
  5. Well, the reason is that if the user knew that, in their embedded JavaScript fragment,
  6. they could assign to the variable "javascript_output"
  7. and because we're piggybacking on our environment,
  8. they'd find it, and they'd collide with it.
  9. So rather than printing out the right answer,
  10. we'd print out whatever the value was for this variable "javascript output."
  11. It's super unlikely, very unlikely that the user would happen to name a variable
  12. "javascript_output," but it's a security problem and officially there exists at least
  13. a few programs that won't compute the right answer
  14. if we change it to a variable that the user can collide with.
  15. So we can't actually rename it to anything.
  16. We have to be careful.
  17. When this feeds into the second one, "javascript output" is a good choice
  18. because it has a space in it--yes!
  19. If you think back to our lexer rule for identifiers,
  20. it looks something like this.
  21. Every javascript identifier contains upper or lowercase letters and possibly an underscore
  22. but can't contain a space.
  23. So this means there is no way for the user to have a variable name that has a space in it,
  24. so no way for them to collide with the rest of the environment.
  25. We could also have made a different design decision and had some global variable
  26. that's stored the "javascript output," but this approach, first, piggybacks on something
  27. you've already done, and second, illuminates cool issues like this.
  28. Finally, "javascript output" starts empty to support 0 calls to write.
  29. That does end up working out.
  30. Imagine that trees is the empty list.
  31. They just said begin Javascript, end JavaScript and didn't do any work.
  32. We would want to return a real value rather than having some sort of exception
  33. or look-up error problem.
  34. If I didn't initialize "javascript output" to the empty string,
  35. when we went to look it up here, there might not be anything there.