Thursday, September 06, 2007

Allowing debug in a javascript library

Hi, some days ago I watched John Resig Tech Talk, about building a JavaScript library, where he pointed out some "good habits", when programming, and when doing js libraries, pretty interesting.

Any way, he mentioned that we shouldn't use try&catch because the coder "cant" debug his code, because we trap the error, and he is never able to see it.. so, I thought that an interesting way of letting the "error pass", but still have controll of the library is using setTimeout, to let the code run asynchronously.

The code I submitted to his blog, is:

setTimeout(function(){/*code here*/},0);

So, the error is reported to the user, and we dont loose the control of the code..

Some time after that I thought that, it could also be used for letting code runing in memory.. (but it's cancelled as soon as you leave the website).

Any way, as a programmer, I see this as a technique for running more than 1 process at one, as a security researcher, I see this as a technique for running XSS payloads in a more sigilous way.