Version 18, Updated June 23, 2009 by Garrett Smith
This is the comp.lang.javascript meta-FAQ, 18. The latest version is available at http://jibbering.com/faq/ in HTML form.
Each day, one section of the FAQ is posted for review and questions, and as a reminder that the FAQ is available.
For additional explanation and detail relating to some aspects of the FAQ, please see the FAQ Notes. It has been provided separately to avoid increasing the size of the FAQ to a point where it would be unreasonable to post it to the group.
Code examples in this FAQ use JSDoc Toolkit comments.
The official Big 8 Usenet newsgroup dealing with javascript is comp.lang.javascript. Some "language" hierarchies also have *.comp.lang.javascript groups.
c.l.js is an unmoderated newsgroup.
The comp.lang.javascript newsgroup deals with ECMAScript languages, so any questions about JavaScript or JScript are welcome. However, the majority of questions sent to this group relates to javascript in a web browser. If you are experiencing issues with a particular browser, or the host is not a browser at all, please make this information clear.
Javascript and Java are two completely different languages. Java questions should be asked in one of the comp.lang.java.* newsgroups; they are not appropriate for c.l.js (as Java and javascript are distinct programming languages with only superficial similarities due to sharing a C-like syntax and some of the characters in their names).
Questions dealing with other scripting languages, such as VBScript, PerlScript or CGI scripting are also off-topic, as are HTML-only or CSS-only questions.
Questions that are specific to Microsoft's JScript may also be appropriately asked at: microsoft.public.scripting.jscript
The comp.lang.javascript newsgroup charter is included in faq_notes/cljs_charter.html
Before posting to c.l.js, you should read this document. You should also check the Resources section.
Relevant announcements are welcome, but no more often than once per major release, as a short link to the product's webpage.
This could be for several reasons:
If it is not one of these, then after a few days consider reposting after checking http://groups.google.com/group/comp.lang.javascript/topics for replies. Make sure the post is phrased well, and everything needed to answer is correct, and the subject is appropriate.
ECMAScript is the international standard that current language implementations (JavaScript, JScript etc.) are based on. JScript and JavaScript™ are implementations of ECMAScript. http://www.ecma-international.org/publications/standards/Ecma-262.htm
ECMA-262 defines the language Syntax, Types, Keywords, Operators,
and the built-in objects. The ECMAScript specification is the reference
to determine the expected behavior of a program. ECMAScript does not define
any host objects, such as document, window, or ActiveXObject.
ECMA-327 defines the Compact Profile of ECMAScript by describing the features from ECMA 262 that may be omitted in some resource-constrained environments. http://www.ecma-international.org/publications/standards/Ecma-327.htm
The current edition of ECMA-262 is the 3rd Edition. There is some support for this edition in JScript 5.0 and JavaScript 1.3. JScript 5.5 and JavaScript™ 1.5, in Netscape 6.1 and later, are somewhat compliant.
JScript is Microsoft's implementation of ECMAScript.
Questions that are specific to Microsoft's JScript may also be appropriately asked at: microsoft.public.scripting.jscript
Object models (OMs) are not part of the ECMAScript language: they are provided by the host to allow javascript (or other scripting language) to communicate with the host. An object model may allow javascript to access a file system, or control a nuclear power station. The most commonly used object models via javascript are provided by Active Server Pages, Server Side javascript, and the Windows Script Host. The most common of all is the Document Object Model (DOM) provided by web browsers. Other document types such as SVG also define scriptable DOMs, mostly as extensions of the W3C Core DOM specification designed for use with XML documents.
This is the collection of objects provided by each browser.
Basically, any object in the window hierarchy is part of the
DOM. This means that document.writeln(),
for example, is not an
ECMAScript method but is, in fact, a method provided by the DOM.
An official DOM has been standardised by the World Wide Web Consortium
(W3C); however, like all W3C standards, browser support is not
yet complete. Most cross-browser coding problems come from
slightly different implementations of the DOM in the different browsers.
Internationalisation means using one form which is everywhere both acceptable and understood. Any international standard not supported by default can be coded for.
For example, there is an International Standard for numeric Gregorian date format; but none for decimal and thousands separators.
Multinationalisation means using different forms for different readers. It cannot work well in general, because it requires a knowledge of all preferences and the ability to choose the right one, in an environment where many systems are inappropriately set anyway.
Javascript has a few Multinationalisation features. The various
toString()methods are all implementation dependent,
but tend to use either UK or US settings (not necessarily correctly).
ECMAScript Ed. 3 introduced some capabilities, including the
toLocaleString()method which should create a string
based on the host's locale.
Much more support is expected in future versions of ECMAScript.
The ECMAScript Technical Committee is now working on ECMAScript, 5th Edition (the 4th edition was abandoned). More information can be found at http://www.ecmascript.org/.
Most javascript books have been found to contain so many technical errors that consensus recommendations have not emerged from the group.
The following books have been considered to have value by some individuals on c.l.js. The reviews of these books are provided:
No javascript libraries are endorsed by this group. If you are looking for help using a library, visit that library's discussion group instead.
ISO 8601 defines date and time formats. Some benefits include:
The ISO Extended format for common date is YYYY-MM-DD, and for time is
hh:mm:ss.
For an event with an offset from UTC, use YYYY-MM-DDThh:mm:ss±hh:mm.
Never use a local date/time format for a non-local event. Instead, use
UTC, as in YYYY-MM-DDThh:mm:ssZ (Z is the only letter suffix).
The T can be omitted where that would not cause ambiguity. For
rfc 3339 compliance, it may be replaced by a space and for SQL,
it must be replaced by a single space.
A local Date object where year >= 0 can be
formatted to a common ISO 8601 format YYYY-MM-DD with:-
/** Formats a Date to YYYY-MM-DD (local time), compatible with both
* ISO 8601 and ISO/IEC 9075-2:2003 (E) (SQL 'date' type).
* @param {Date} dateInRange year 0000 to 9999.
* @throws {Error} if the year is not in range
*/
function formatDate(dateInRange) {
var year = dateInRange.getFullYear(),
isInRange = year >= 0 && year <= 9999,
yyyy, mm, dd;
if(!isInRange) {
throw Error("formatDate: year must be 0000-9999");
}
yyyy = padLeft(year, 4, "0");
mm = padLeft(dateInRange.getMonth() + 1, 2, "0");
dd = padLeft(dateInRange.getDate(), 2, "0");
return yyyy + "-" + mm + "-" + dd;
}
/**
* @param {string} input: input value converted to string.
* @param {number} size: desired length of output.
* @param {string} ch: single character to prefix to s.
*/
function padLeft(input, size, ch) {
var s = input + "";
while(s.length < size) {
s = ch + s;
}
return s;
}
An Extended ISO 8601 local Date format YYYY-MM-DD can be parsed to a
Date with the following:-
/**Parses string formatted as YYYY-MM-DD to a Date object.
* If the supplied string does not match the format, an
* invalid Date (value NaN) is returned.
* @param {string} dateStringInRange format YYYY-MM-DD, with year in
* range of 0000-9999, inclusive.
* @return {Date} Date object representing the string.
*/
function parseISO8601(dateStringInRange) {
var isoExp = /^\s*([\d]{4})-(\d\d)-(\d\d)\s*$/,
date = new Date(NaN), month,
parts = isoExp.exec(dateStringInRange);
if(parts) {
month = +parts[2];
date.setFullYear(parts[1], month - 1, parts[3]);
if(month != date.getMonth() + 1) {
date.setTime(NaN);
} else {
date.setHours(0, 0, 0, 0);
}
}
return date;
}
When formatting money for example, to format 6.57634 to 6.58, 6.5 to 6.50, and 6 to 6.00?
Rounding of x.xx5 is uncertain, as such numbers are not represented exactly. See also: Why does simple decimal arithmetic give strange results?
The statement n = Math.round(n * 100)/100 converts n to a Number value
close to a multiple of 0.01. However, there are some problems.
Converting the number to a string (n + ""), does not give
trailing zeroes. Rounding numbers that are very close to x.5, for example,
Math.round(0.49999999999999992) results 1.
ECMAScript Ed. 3.0 introduced Number.prototype.toFixed.
There are bugs in JScript's implementation with certain numbers,
for example 0.07.
Function numberToFixed returns accurate results that are
consistent across implementations where n > 0.
var numberToFixed =
(function() {
return toFixedString;
function toFixedString(n, digits) {
var unsigned = toUnsignedString(Math.abs(n), digits);
return (n < 0 ? "-" : "") + unsigned;
}
function toUnsignedString(n, digits) {
var t, s = Math.round(n * Math.pow(10, digits)) + "",
start, end;
if (/\D/.test(s)) {
return "" + n;
}
s = padLeft(s, 1 + digits, "0");
start = s.substring(0, t = (s.length - digits));
end = s.substring(t);
if(end) {
end = "." + end;
}
return start + end; // avoid "0."
}
})();
// Test results
document.writeln([
"numberToFixed(9e-3, 12) => " + numberToFixed(9e-3, 12),
"numberToFixed(1.255, 2) => " + numberToFixed(1.255, 2),
"numberToFixed(1.355, 2) => " + numberToFixed(1.355, 2),
"numberToFixed(0.1255, 3) => " + numberToFixed(0.1255, 3),
"numberToFixed(0.07, 2) => " + numberToFixed(0.07, 2),
"numberToFixed(0.0000000006, 1) => " + numberToFixed(0.0000000006, 1),
"numberToFixed(0.0000000006, 0) => " + numberToFixed(0.0000000006, 0)
].join("\n"));
Function padLeft can be found in the answer to:
How do I format a date with javascript?
For example, 5 * 1.015 does not give exactly
5.075 and 0.06+0.01 does
not give exactly 0.07 in javascript.
ECMAScript numbers are represented in binary as IEEE-754 (IEC 559)
Doubles, with a resolution of 53 bits, giving an accuracy of
15-16 decimal digits; integers up to just over 9e15 are
precise, but few decimal fractions are. Given this, arithmetic
is as exact as possible, but no more. Operations on integers
are exact if the true result and all intermediates are integers
within that range.
In particular, non-integer results should not normally be compared for equality; and non-integer computed results commonly need rounding; see How do I format a Number as a String with exactly 2 decimal places?
Otherwise, use Math.round on the results of expressions which
should be of integer value.
Method parseInt generally needs a
second parameter, radix, for the base (value between 2 and 36).
If radix is omitted, the base is determined by the contents of
the string. Any string beginning with '0x' or '0X' represents a
hexadecimal number. A string beginning with a leading 0 may be
parsed as octal (octal digits are 0-7). The string '09'
is converted to 0.
To force use of a particular base, use the radix
parameter: parseInt("09", base).
Variables are not typed; their values are. The conversion between a
string and a number happens automatically. Since plus (+) is
also used as in string concatenation, '1' + 1 is equal to '11'.
The string determines what + does. To overcome this, first convert the
string to a number. For example: +varname or Number(varname) or
parseInt(varname, 10) or parseFloat(varname).
Form control values are strings, as is the result from a prompt
dialog. Convert these to numbers before performing addition by using
the unary + operator: +'1' + 1 result is 2.
Math.random() returns a value R such that 0 <= R < 1.0; therefore:
// positive integer expected
function getRandomNumber(n) {
return Math.floor(n * Math.random());
}
- gives an evenly distributed random integer in the range from
0 to n - 1 inclusive; use getRandomNumber(n)+1 for 1 to n.
The eval() function should only be used when it is necessary to
evaluate a string supplied or composed at run-time; the string
can be anything from a simple (but unpredictable) expression such
as "12 * 2.54" to a substantial piece of javascript code.
There are two ways to access properties: the dot notation and the square bracket notation. What you are looking for is the square bracket notation in which the dot, and the identifier to its right, are replaced with a set of square brackets containing a string. The value of the string matches the identifier. For example:-
//dot notation var bodyElement = document.body; //square bracket notation, using an expression var bodyElement = document["bo"+"dy"];
A regular expression can be used:
function trimString(s) {
return s.replace(/^\s+|\s+$/g,'');
}
Implementations are inconsistent with \s. For example,
some implementations do not match \xA0 (no-break space),
among others.
A more consistent approach would be to create a character class that defines the characters to trim.
In HTML documents, named forms may be referred to as named
properties of the document.forms collection, and named form
controls may be referred to as named properties of the form's
elements collection:
var frm = document.forms["formname"]; var contrl = frm.elements["elementname"];
The (string) value property of such controls can be read
directly from the element:-
var value = contrl.value; value = +contrl.value; //string to number.
Some exceptions would be:
First Exception: Where the control is a SELECT element, and
support for older browsers, such as NN4, is required:
var value = contrl.options[contrl.selectedIndex].value;
Second Exception: Where several controls share the same name, such as radio buttons. These are made available as collections and require additional handling. For more information, see:-
Third Exception: File inputs. Most current browsers do not allow
reading of type="file" input elements in a way that is useful.
Form controls with any "illegal" characters can be accessed with
formref.elements["myselect[]"] - The bracket characters,
amongst others, are illegal in ID attributes and javascript
identifiers, so you should try to avoid them as browsers may
handle them incorrectly.
Microsoft introduced a shortcut that can be used to reference
elements which include an id attribute where the
id becomes a globally-accessible property. Some browsers reproduce
this behavior. Some, most notably Gecko-based browsers (Netscape and Mozilla),
do so only in "quirks" mode. The best approach is the document.getElementById
method, which is part of the W3C DOM standard and implemented
in modern browsers (including IE from version 5.0). So an
element with id="foo" can be referenced
with:-
var el = document.getElementById("foo");
Note: make sure not to use the same id twice in the same document
and do not give an element a name that matches an id
of another in the same document or it will trigger bugs in MSIE <= 7 with
document.getElementsByName and document.getElementById.
Images are cached by the browser depending on the headers sent by the server. If the server does not send sufficient information for the browser to decide the image is cacheable, the browser will check if the image has been updated every time you change the src of an image (in some user settings). To overcome this you must send suitable headers.
The oncontextmenu is a proprietary method and is not supported on
all browsers.
<body oncontextmenu="return false">
The short answer: Don't do that.
The navigator host object contains properties which
may identify the browser and version. These properties are historically
inaccurate. Some browsers allow the user to set navigator.userAgent to any value. For
example, Firefox, (type about:config and search useragent
or Safari, Develop > User Agent > Other..., IE, via Registry.
Other browsers, such as Opera, provide a list of user agents for the user to select from. There are also at least 25 other javascript capable browsers, with multiple versions, each with their own string.
Browser detection is unreliable, at best. It usually causes forwards-compatibility and maintenance problems. It is unrelated to the problem or incompatiblity it is trying to solve, and tends obscures the thinking behind the code.
Object detection is checking that the object in question exists. Capability detection goes one step further to actually test the object, method, or property, to see if behaves in the desired manner.
Feature Test Example:
/**
* Returns the element/object the user targeted.
* If neither DOM nor IE event model is supported, returns undefined.
* @throws TypeError if the event is not an object.
*/
function getEventTarget(e) {
e = e || window.event;
// First check for the existence of standard "target" property.
return e.target || e.srcElement;
}
Using the non-standard but widely implemented innerHTML property:
<div id="anID">Some Content</div> with script:
document.getElementById("anID").innerHTML =
"Some <em>new</em> Content";
Where "anID" is the (unique on the HTML page)
id attribute value of the element to modify.
If the new content is only text and does not need to replace existing HTML,
it is more efficient to modify the data property of a text node.
document.getElementById("anID").firstChild.data = "Some new Text";
Note: Make sure the element exists on the page (and has been parsed) before trying to reference it.
You cannot access elements that appear in the document after you try
to read them with a DOM method like document.getElementById.
You can either:
A) include your script after the HTML element it refers to, or B) use the "load" event to trigger your script.
Example A:
<div id="snurgle">here</div>
<script type="text/javascript">
(function(){
var snurgle = document.getElementById('snurgle');
})();
</script>
Example B:
<script type="text/javascript">
window.onload = findElement;
function findElement(){
var snurgle = document.getElementById('snurgle');
};
</script>
</head>
Write a cookie and read it back and check if it's the same.
You can't. The browser's history cannot be modified. However, you
can use location.replace(url); in some browsers to replace
the current page in the history.
To reference another frame, you simply need to step through the
frame hierarchy: parent is the page the frame is
defined in, parent.framename is another frame in the same
frameset. To access a variable called Moomin in a frame called Snork you
would use parent.Snork.Moomin. To call the function Snufkin
in that frame you would use parent.Snork.Snufkin().
Note that it is not possible to communicate between frames on different domains this way.
Here is a detailed explanation of a cross-browser strategy to find the dimensions of the viewport, excepting all chrome (excludes scrollbars, etc).
We can consider various properties:
window.innerWidth document.clientWidth document.documentElement.clientWidth document.body.clientWidth
Of the browsers that have an innerWidth property, most
include scrollbar dimensions. Some versions of KHTML browsers
(including Safari 2) do not include scrollbar width.
The window.inner* properties are unreliable and not
useful here. We don't want scrollbar dimensions included.
document.clientWidth
Certain versions of KHTML, including Safari 2, have
document.clientHeight and document.clientWidth
properties. Where supported, these rare properties accurately
return the height and width of the viewport, without including
scrollbar dimensions.
document.documentElement.clientWidth document.body.clientWidth
MSHTML (Trident), Firefox (Gecko), Opera (Presto), and Safari
(Webkit) all support clientHeight on document.body
and document.documentElement. The difficulty is figuring out
which one is reliable. In other words which object to get the
clientHeight property from:documentElement or body?
What the number returned from either of these properties
represents depends on the environment. The environment includes
the browser, its version, and the rendering mode of the document.
In quirks mode, we'll mostly want to use body.clientHeight
(except for in Safari 2).
document.body.clientHeight
Some environments will return the viewport height. Others will
return 0. Yet others will return the clientHeight of
the BODY element.
document.documentElement.clientHeight
This is the more "standard" property for getting the height of
the viewport. It usually "works" in modern browsers in
standards mode. Notable exceptions include Safari 2 and
Opera <= 9.25, both of which return the clientHeight
of the html element. (Oddly, Opera <= 9.25
in standards mode returns the width of the viewport for
documentElement.clientWidth).
With the exception of Safari 2, body.clientHeight is reliable
where documentElement.clientHeight is found to be unreliable.
For example, in Safari 3+, Opera, and Mozilla, all in quirks mode,
document.documentElement.clientHeight returns the clientHeight
of the html element (this may seem unsurprising but
it is not what we want).
Conversely, document.body.clientHeight will return
the height of the viewport in most cases where
document.documentElement.clientHeight does not. An exception
to that is Safari 2, where documentElement.clientHeight
and body.clientHeight both return the height of their
corresponding element (not what we want).
By using a combination of Feature Testing and Capability Testing, the dimensions of the viewport can be strategically retrieved from the property that works in the environment the script is running in. The trick is determining which property will give us the value we want.
Since document.clientHeight is reliable where
(rarely) supported, and since browsers that support this property
don't return the viewport dimensions from
document.body.clientHeight or
document.documentElement.clientHeight, this should be the
very first condition:
// Safari 2 uses document.clientWidth (default).
if(typeof document.clientWidth == "number") {
// use document.clientWidth.
}
The next strategy is to determine if
document.documentElement.clientHeight property is unreliable.
It is deemed "unreliable" when it is either 0 or taller
than the viewport.
Determining if documentElement.clientHeight is 0 is easy.
The result is stored in a variable IS_BODY_ACTING_ROOT.
var docEl = document.documentElement,
IS_BODY_ACTING_ROOT = docEl && docEl.clientHeight === 0;
docEl = null;
To determine if documentElement.clientHeight returns
a value taller than the viewport, we need a
Capability Test.
If we can force documentElement to be very tall
(taller than a normal viewport) we can then check to see if
documentElement.clientHeight returns that "very tall" number.
If it does, then it is unreliable.
We can force documentElement to be taller than the viewport
(or any "normal" viewport) by adding a div to the body,
give that div a height larger than any normal monitor,
and then check to see if documentElement.clientHeight is
that high (or "almost" that high, to account for documentElement
having a border).
// Used to feature test Opera returning wrong values
// for documentElement.clientHeight.
// The results of this function should be cached,
// so it does not need to be called more than once.
function isDocumentElementHeightOff(){
var d = document,
div = d.createElement('div');
div.style.height = "2500px";
d.body.insertBefore(div, d.body.firstChild);
var r = d.documentElement.clientHeight > 2400;
d.body.removeChild(div);
return r;
}
We can use this function to see if we should use
body.clientHeight, instead. (but only after checking if
document.clientHeight is supported).
// Safari 2 uses document.clientWidth (default).
if(typeof document.clientWidth == "number") {
// use document.clientHeight/Width.
}
else if(IS_BODY_ACTING_ROOT || isDocumentElementHeightOff()) {
// use document.body.clientHeight/Width.
} else {
// use document.documentElement.clientHeight/Width.
}
The preceding strategy was developed by Garrett Smith with input
from John David Dalton. A complete and tested example can be found
in APE Library under APE.dom.getViewportDimensions.
Source code:
http://dhtmlkitchen.com/ape/build/dom/viewport-f.js.
APE is publicly released under Academic Free License.
APE home: http://dhtmlkitchen.com/ape/.
Note: The dimensions cannot be determined accurately until after the document has finished loading.
var myWin;
function openWin(aURL) {
if (!myWin || myWin.closed ) {
myWin = window.open(aURL,'myWin');
} else {
myWin.location.href = aURL;
myWin.focus();
}
}
Popup windows are generally best avoided.
IE prints the frame that has focus when you call the print
method frameref.focus();frameref.print();
Use windowRef.close(), where windowRef is a Window object
reference, such as window, top, parent, self, or a reference
obtained from the window.open() method. You can only close
windows opened by scripts, no others.
In the normal browser security model, it is impossible for a script from one domain to access the properties of pages served from another domain, or a different protocol. Any attempt to access a property in such cases will result in a "Permission Denied" error. Signed scripts or trusted ActiveX objects can overcome this in limited situations.
There is no built-in way to pause execution in javascript such
as a sleep function, but hosts usually provide a method of some
form. Web browsers are designed for event driven programming and
only provide the setTimeout and setInterval functions
to facilitate timed delays. The delay before calling Snork may
exceed the second parameter to setTimeout and setInterval
due to implementation differences among browsers.
To call the function Snork(), approximately 10 seconds
after the function Moomin() completes, you would do this:
Moomin(); setTimeout(Snork,10000);
Script execution is not stopped, and adding Snufkin() after the
setTimeout line would immediately execute the function Snufkin()
before Snork().
Achieving delays through running a loop of some sort for a pre-defined period is a bad strategy, as that will inhibit whatever was supposed to be happening during the delay, including blocking user interation.
Other (less event driven) hosts have different wait functions,
such as WScript.Sleep() in the Windows Script Host.
In a normal security environment, you can't change anything. The page stylesheet rules provide some options, but are not supported in browsers yet. If you can, use an ActiveX or Plugin ScriptX and Neptune from Meadroid to give you more control for Windows versions of Internet Explorer, Netscape, and Opera.
The buttons on a confirm box cannot be changed, nor can you specify a default button. However, you should be able to change the question so that "OK" is suitable as the default. e.g. change "We will now buy ourselves a Porsche with your credit card, Do you want to continue with this transaction OK Cancel" to "We will now buy ourselves a Porsche with your credit card, Would you like to abandon this transaction? OK Cancel"
This text can only be altered by changing the URL of the page.
It is not possible with client-side javascript.
Some browsers accept the Content-Disposition header, but this
must be added by the server. Taking the form:-
Content-Disposition: attachment; filename=filename.ext
When changing the status in an event (e.g. onmouseover) you
should return true from the event. Also a number of browsers
require a short delay before setting the status to overcome their
default behaviour with the statusbar.
onevent="setTimeout('window.status=\'Moomin\'',15);"
Most browsers are configured, by default, to disallow scripts from setting
the status bar text.
In a default security environment you are very limited in how much
you can modify the current browser window. You can use
window.resizeTo or window.moveTo to resize or move a
window respectively, but that is it. Normally you can only
suggest chrome changes in a window.open.
Use the target attribute on the form, opening a window with that name and your feature string in the onsubmit handler of the FORM.
<form action=""
target="wndname" onsubmit="window.open('',this.target,'features');return true;">
New windows can be opened on browsers that support the
window.open function and are not subject to the action of any
pop-up blocking mechanism with code such as:-
var wRef;
if(window.open){
wRef = window.open("http://example.com/page.html","windowName");
}
Ajax
is shorthand for Asynchronous JavaScript And XML. The technology is
based on the XMLHttpRequest Object. At its simplest,
it is the sending/retrieving of new data from the server without
changing or reloading the window location.
An alternative to the XMLHttpRequest Object is Remote Scripting:
Although XMLHttpRequest can be used to download
entire pages, it is often used for downloading small pieces
of data that can be used to update the current page.
Use the server-side language to generate the javascript:
// JSP
var jsvar = "${ jspVar }";
// PHP
var jsvar = "<?php echo $phpVar ?>";
If the string contains a quote mark, it will have to be escaped.
If the an inline-script tag is used, and the string must not
contains characters such as <, >, &.
This cannot be done reliably. Here's why:
The URL below has more information.
You trigger a server-side script by sending an HTTP request.
This can be acheived by setting the src of an img,
Image, frame, or iframe,
or by using
XHR.
An image will also "swallow" the data sent back by the server, so that they will not be visible anywhere.
var dummyImage = new Image(); dummyImage.src = "scriptURL.asp?param=" + varName;
Mozilla, Opera 7.6+, Safari 1.2+, and Windows IE 7
provide the XMLHttpRequest object
(Windows IE versions 5+, provides ActiveX to acheive an analagous
effect). XMLHttpRequest can send HTTP requests to
the server, and provides access the responseText or responseXML
(when the response is XML), and HTTP header information.
To reload a page, use location.reload(). However, this depends
upon the cache headers that your server sends. To change this,
you need to alter the server configuration. A quick fix on the
client is to change the page URI so that it contains a unique
element, such as the current time. For example:
location.replace(location.href+'?d='+new Date().valueOf())
If the location.href already contains a query String, use:
location.replace(location.href+'&d='+new Date().valueOf())
Browsers cache the results of HTTP requests to reduces network traffic.
To force the browser to request the document from the server, either
set the EXPIRES and/or CACHE-CONTROL response header(s)
with a past date or use a unique query string.
req.open("GET", "/example.jsp?date=" + (+new Date), true);
Always use the appropriate HTTP method. Do not use POST
to prevent caching. See RFC 2616.
There are debugging tools for many browsers. Learn to use them all.
Tools, Internet Options, Advanced, and uncheck
Disable Script Debugging. After enabling Script Debugging,
a Script Debugger option will appear in the View menu.
Internet Options, Advanced, deselect "Disable Script Debugging",
select "Display a notification ...".
Develop menu in Safari 3.1 or higher, select
the checkbox labeled "Show Develop menu in menu bar" in
Safari's Advanced Preferences panel.
Page menu icon and select
Developer > JavaScript Console. From here, you'll be
able to view errors in the JavaScript execution, and enter
additional javascript commands to execute.
Page menu icon > Developer
> Debug JavaScript, the debugger provides a command prompt from which you
can set breakpoints, backtrace, and more. Type help at the debugger
command line to get started.
In practice you can't. While you could create a suitable encryption system with a password in the page, the level of support you need to do this means it's always simpler to do it server-side. Anything that "protects" a page other than the current one is definitely flawed.
With clientside javascript you can't as your code is distributed in source form and is easily readable. With JScript, there is the Script Encoder (see MSDN), but this is nothing more than obfuscation. Disabling the right mouse button also does nothing to protect your script in a Web browser.
Security means that by default you can't. In a more restricted environment, there are options. For example, using LiveConnect to connect to Java with Netscape, and using the FileSystemObject in IE. Check Google Groups archives for previous posts on the subject.
Whatever the rest of your question, this is generally a very bad idea.
The javascript: pseudo protocol was designed to replace the
current document with the value that is returned from the expression.
For example:
<a href="javascript:'<h1>' + document.lastModified + '</h1>'">lastModified</a>
will result in replacing the current document with the value
returned from document.lastModified, wrapped in an <h1>
tag.
When the expression used evaluates to an undefined value
(as some function calls do), the contents of the current page are not
replaced. Regardless, some browsers (notably IE6) interpret this as
navigation and will enter into a 'navigation' state where GIF
animations and image swaps will stop working.
It is also possible for IE to be configured such that it supports
javascript but not the javascript: protocol. This results
in the user seeing a protocol error for javascript: URIs.
The javascript: pseudo protocol creates accessibility and
usability problems in user agents that do not support javascript, or
have javascript disabled. It provides no fallback for when the script
is not supported.
Instead, use
<a href="something.html" onclick="somefunction();return false">
where something.html is a meaningful alternative. Alternatively,
attach the click callback using an event registry.
If a poster feels that the question they are answering should be covered in the FAQ, placing <FAQENTRY> in the post lets the FAQ robot collect the messages for easy review and inclusion. A Draft Proposal for the FAQ is requested and appreciated.
The <FAQENTRY> should not be used in posts except in conjunction with a suggestion/proposal for the FAQ. It should also not be literally quoted in replies, instead it should be partly obscured as, e.g. <FAQ**TRY> or similar.
To make a suggestion to the FAQ, use either the FAQENTRY method above, or email Garrett Smith dhtmlkitchen@gmail.com (current FAQ editor) or Jim Ley (jim.ley@gmail.com). All comments, suggestions, and especially corrections are welcome.
13 Comments and Suggestions
The FAQ uses the stylesheet faq.css and is generated from the xml source index.xml by the windows script host script process.wsf which also checks the links.