Introduction

JavaScript (JS) is a high-level interpreted programming language that is also considered to be dynamic, weakly typed, prototype-based, and multi-paradigm. Alongside Hypertext Markup Language (HTML) and Cascading Style Sheets (CSS), is one of the three core technologies of the World Wide Web (WWW). Its characteristics allow for the creation of dynamic web pages which can be interactive with users. It can be found employed commonly by most modern-day websites while all modern-day browsers support it without the need of any plugin through means of a built-in JavaScript Engine. Each JS Engine represents a different implementation of JS and is all based on the ECMAScript specification with some not supporting the spec fully while many others support it entirely and more features beyond it.

Because of its multi-paradigm characteristic, JS supports event-driven, functional, and imperative (which includes object-oriented and prototype-based) programming styles; making it quite diverse. Its API is capable of working with text, arrays, dates, regular expressions, and basic Document Object Model (DOM) manipulation; however, it is not capable of doing any Input/Output (I/O) operations; such as networking, storage, or graphics facilities. This is because the language itself does not include this functionality and instead, relies upon the host environment it is embedded in for these functions.

Initially, the language was implemented on the client-side of web browsers for the sake of the end-user; however, in the modern times, JS engines have expanded and can be implemented into many other types of host software; including server-side databases, runtime environments to allow use of JS in mobile and desktop application development, and even non-web word processors and PDF software.

Another thing of note is that, despite JavaScript's many similarities to Java (name, syntax, and standard libraries), the languages differ greatly in design and are distinct as JS was influenced by programming languages such as Self and Scheme.

Features

As mentioned before, JavaScript Engines are all based on the ECMAScript specification and as such, lots of features the language has is because of conforming to the specification. Its universal support which means that all modern web-browsers must support it with built-in interpreters, its imperative and structured nature means that it supports much of the structured programming of C; although, unlike C, it performs automatic semicolon insertion which means that while programming, a developer would not have to worry about inserting them on their own to define the end of a statement.

To build on this, the language is Dynamically Typed; meaning, that when declaring variables, there is no need to identify specific variable types as each variable change with ease; such as a variable which once held a string now holding an integer. It also has Dynamic Runtime Evaluation using a special function, eval which allows string-provided statements to be executed at runtime.

It's prototype-based characteristic allows for it to be object-oriented and almost entirely object-based. Within the language, an object is designed as an associative array that has been augmented with a prototype. Through this method, each string key property of the array is a property of the object and they can be identified through either dot notation (object.property = 10) or bracket notation (object[property] = 10). These properties can be added, rebounded, or deleted at runtime and most can all be enumerated through the use of a for-in loop on an object. Something to note is that while this is also defined as an object-oriented characteristic, JS uses prototypes to achieve this, unlike other object-oriented languages which use classes for inheritance. This means that functions double as object constructors to create prototypes and as methods to manipulate the properties of prototypes.

It also handles delegation both implicitly and explicitly which allows for the special this keyword of an object to gain additional behavior within its function body through the function-based implementation of Role patterns such as Traits and Mixins. Along with this, object composition and inheritance are also achieved through its support of both implicit and explicit delegation.

Moreover, its support for regular expressions puts a lot of power in the hands of developers to manipulate text in a sophisticated fashion while its variadic functions allow for an indefinite number of parameters to be passed to a function. It even allows for array and objects literals to be created using a succinct syntax shortcut; much like every other scripting language.

Applications and Uses

The most common use of JavaScript today is to add client-side behavior to HTML; a process which is now commonly called Dynamic HTML (DHTML). This is accomplished by having JS scripts be included from or embedded into HTML pages and interact with the DOM of the page. Some simple examples of this application is the loading of new page content or submitting data to the server via Ajax, animating page elements which can include fading them in and out, resizing them, or moving them, and validating the user input of a web form to ensure it is acceptable before use.

These uses became very commonplace not just for the sake of the user and usability, but because of how quickly they can be processed as well. This is because JS is supported by all web-browsers and therefore; these implementations can be quickly resolved on the client’s machine without having to communicate to the server. This makes for a more responsive and desirable user experience just from some of the simpler things which can be achieved. When looking into the realm of more complex things, the worth of JavaScript can be truly seen; for instance, HTML has no means of detecting user actions such as individual keystrokes. As such, it is JavaScript which is used to accomplish this in applications such as Gmail which has most of its user-logic and message dispatch functionality done by the JS.

Something to note however is that since JavaScript is capable of running across multiple environments, one should be thorough and ensure their script works across multiple browsers through testing and debugging. For example, the DOM interfaces for manipulating web pages is not a part of the ECMAScript specification or of JavaScript itself. In fact, it is defined by a different specification under the World Wide Web Consortium (W3C). As such, developers may employ standards compliant-code will also be executed correctly for most browsers or failing that, check to ensure the browser is capable of certain features and act accordingly to suit if it is not. Building on this, there are some other cases where the script might have some issues running for users, such as if they are using a PDA or mobile browser which cannot execute JS, a speech browser because of some visual disability or other reason, an old or rare browser with unfamiliar or unsupported DOM support, or they may simply have JS disabled as a precaution.

Security

Despite it's many great, powerful, and flexible uses, it should be noted that JavaScript is still not perfect. A very common issue the language faces is Cross-Site Scripting (XSS) which is a malicious technique a hacker might employ on a webpage to execute their script on a target web page. These types of attacks are often used to steal precious information from users of the website; such as the banking credentials of an unsuspecting victim.

Misplaced trust in either the client using a web page or developer of that web page is another thing to consider as well. In the case of the former, a developer must realize that untrusted clients could potentially be under control of an attacker while they must also realize that using popular packages such as npm and Bower in parallel with JS means to place faith in those systems to be secure.

User error can also come into play with regards to Browser and plugin coding errors which can allow vulnerabilities such as buffer overflows. What this means is that the input of some field was larger than suspected and had some of its memory overwrite an adjacent space in memory with its data. As a result, the data there could be lost and if it was something of great importance, an attacker could easily take advantage of this.