unescape everywhere; #asJavascript

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

unescape everywhere; #asJavascript

Herby Vojčík
Hello,

I've got two questions:

1. why is there somewhere `foo asJavascript` and somewhere literally
`nextPutAll: 'unescape("', foo escaped, '")'` when it more or less does
the same (and `asJavascript` in safe cases eschews unescape call
completely)? Could there not be `asJavascript` everywhere? (I tried, and
it worked for me).

2. could it be possible to take away unescape completely? I tried this:
instead of
`"unescape(\"" + escape(foo) + "\")"`
I used
`"\"" + escape(foo).replace(/%u/g, "\\u").replace(/%/g, "\\x") + "\""`

So instead of a call to unescape, this produced literal JS string with
\x and \u escaped chars inside.
Is this unsafe in a way I don't see (I tried, again, and for me it worked)?

Herby

P.S.: Even if in microbenchmarks unescape is monstrously slow in
comparision with literal strings, in real world I did not see any
noticeable gain in speed when tried 2. from above; maybe there was a
gain, but small (`asJavascript` saves a lot of cases, so there is
probably little percentage of real unescape calls during runtime).
Reply | Threaded
Open this post in threaded view
|

Re: unescape everywhere; #asJavascript

Nicolas Petton
Yeah, I guess #asJavascript could be used everywhere.
IIRC I introduced #asJavascript afterwards, that may explain why there's still some escape()/unescape().

Cheers,
Nico

On Apr 26, 2012, at 5:16 PM, Herby Vojčík wrote:

Hello,

I've got two questions:

1. why is there somewhere `foo asJavascript` and somewhere literally `nextPutAll: 'unescape("', foo escaped, '")'` when it more or less does the same (and `asJavascript` in safe cases eschews unescape call completely)? Could there not be `asJavascript` everywhere? (I tried, and it worked for me).

2. could it be possible to take away unescape completely? I tried this: instead of
`"unescape(\"" + escape(foo) + "\")"`
I used
`"\"" + escape(foo).replace(/%u/g, "<a href="smb://u">\\u").replace(/%/g, "<a href="smb://x">\\x") + "\""`

So instead of a call to unescape, this produced literal JS string with \x and \u escaped chars inside.
Is this unsafe in a way I don't see (I tried, again, and for me it worked)?

Herby

P.S.: Even if in microbenchmarks unescape is monstrously slow in comparision with literal strings, in real world I did not see any noticeable gain in speed when tried 2. from above; maybe there was a gain, but small (`asJavascript` saves a lot of cases, so there is probably little percentage of real unescape calls during runtime).