Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I was checking the view source of the site http://mothereffinghsl.com/ . It was coded by Paul Irish
In the code the id of the html elements are not enclosed in quotes for few elements. For other elements the id is enclosed in quotes. Is this a good practice. Is it a mistake or purposefully omitted? I dont think a person like Paul has overlooked it.
<div id="main" role="main">
<h1>Mother-effing <span>hsl()</span></h1>
<canvas width=360 height=100>your browser doesnt support canvas.</canvas>
<span id=loading>one sec, bro.</span>
<label id=sat>Saturation</label>
What are your thoughts?
Edited after accepting the answer
Conclusion:
In html5 quotes are not necessary, but recommend for reasons mentioned in the comments.
Also its NOT a good practice to use quotes for some attributes and not for some other even though it is supported.
From the article Why attribute values should always be quoted in HTML
There are several reasons to use quotes around attribute values always:
It's easier, since you need not memorize and recall the rules for
allowable omission.
In XML, quotes are always required (since XML has
SHORTTAG NO; see Comparison of SGML and XML). You may use XML in the
future, and in that case your life will be simpler if you have
adopted the habit of quoting attribute values.
When someone (you or
someone else) later edits your HTML file, he may easily forget to add
the quotes if he edits an attribute value in manner which makes the
quotes mandatory. For example, an attribute like SRC=foo.gif is
legal, but if someone changes the attribute (e.g. due to moving a
file to another directory) to SRC=images/foo.gif it becomes illegal.
So, I'd say it's not the best of practices to omit quotes.
He's using HTML5. Attribute quotes are optional in HTML5 (and HTML 4, just not in XHTML). See Do you quote HTML5 attributes? and http://mathiasbynens.be/notes/unquoted-attribute-values (that second link references Paul Irish BTW!)
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have plain HTML code, without Javascript code in it.
How would you detect if any form of Javascript was injected in the HTML ?
The application generates HTML client side. And needs to validate it once it arrives on the server.
The goal is NOT to remove Javascript, but simply detect the presence of it.
This is what tools like HTML Purifier are for. They break the input into tokens are run them against a white list.
This is safer than trying to find specific ways of inserting scripts into HTML, because there are tricks with malformed tags or non obvious attributes being used. See the XSS Evasion Cheat Sheet for example.
Removing can be easier than detecting - just escape all the HTML etc. you get with htmlspecialchars($string).
Alright, so this is a very interesting challenge:
First, check for all script tags, both capital and lowercase
<SCRIPT> <script> <sCrIPt>
Then, check for event handlers (onclick etc).
For this, we use DOM
$dom = new DOMDocument;
$dom->loadHTML($string);
You can work all sorts of magic with DOM, I recommend reading their documentation. Check for any attributes with "on" in them
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
There are many ways to use JavaScript. When I use JavaScript with an anchor, I write code like this and I think this way is right.
Method One
But my co-worker uses JS like this.
Method Two
Is there a coding standard or are both methods correct?
DISCLAIMER: Inline JavaScript is, generally speaking, a bad idea, and 99% of the time you're much better off separating concerns, and using a library, such as jQuery, or whatever similar toolset that your framework of choice recommends.
Nonetheless, to answer your question, if you must use inline JavaScript, I recommend that you omit the "JavaScript:" keyword. It specifies a "pseudo-protocol," and is not necessary for modern browsers to interpret the code. It is a relic from the last decade, and there is a bug with some versions of IE:
"There is one (somewhat obscure) bug with the javascript protocol - in
Internet Explorer*, it will think you are leaving the page when you
click the link. If you are using window.onbeforeunload, then your
navigate-away message will appear at this time. For this reason alone,
we've stopped using the javascript protocol completely so we don't
have this bug show up because we forgot to check for it when we add a
navigate-away message to some page."
When do I need to specify the JavaScript protocol?
https://bytes.com/topic/javascript/answers/504856-javascript-pseudo-protocol-event-handlers
Both the ways are ok but in first way you should use a external JS file. Otherwise it is ok.
For small tasks and events second ways is good.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am beginner in JavaScript and I am wondering why string literals with single and double quotes still live together? There already was a discussion on StackOverflow about which are better to use in certain situations, but why a majority of other languages do not have such feature, despite it is still an official JavaScript standard? It is much interesting to know - I do not believe this feature is some "rudimentary" stuff left from older versions. Thorough explanations are appreciated.
I am wondering why string literals with single and double quotes still live together?
I'm not following your "still" in that sentence. JavaScript was originally defined to have two kinds of quotes so that it's easier to do quoted quotes, and there's no reason to change that. There are lots of reasons not to change it. (Not least that it's useful. But also removing it would break a truly huge amount of code.)
...why a majority of other languages do not have such feature...
In most languages syntactically derived from B (as JavaScript is, like C, C++, C#, and Java), single quotes are used for character literals. But JavaScript doesn't have characters, just strings, so the single quotes aren't needed for that purpose.
...despite it is still an official JavaScript standard?
Yes, it's in the specification and that won't be changing.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
should I replace document.getElementById or so by document.querySelector?
any difference?
Will you recommend me to use querySelector?
When you are selecting on ids anyway, use getElementById as that’s a lot more efficient than using querySelector on an id selector. The latter runs the whole CSS selector parsing, while the former can just take the ID and get the element with that ID directly.
Of course, when selecting based on other criteria than the element’s id, querySelector (and querySelectorAll) obviously has its place.
(The obligatory benchmark to prove this claim, although I do want to note that benchmarks are not everything, and the difference probably won’t make much difference in an actual application.)
Both serves same purpose in your case. But getElementById is most proven approach. However, if you are not concerned about legacy browsers then querySelector will also suffice.
Enjoy!
If querySelector is available in the browser that your users use. Then you can use it. It is nice to not have to litter your html with ids. Selecting using css selectors is extremely flexible.
Performance is a red herring. My shitty old laptop can manage 3 million selections a second...
The real problem is compatibility. How are you going to deal with browsers that don't have it available? Do you care? You probably have to care.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am writing up some code in Javascript/JQuery that involves some confusing DOM operations, or at least they are to me because I'm relatively inexperienced.
I try to help myself by doing a couple of console.log()s, but the thing is if you just log a DOM element you get useless information, mostly it's object Object.
I was wondering what the most usefull generic attributes of a HTML element are so that I could easily follow what the script is doing?
I was wondering what the most usefull generic attributes of a HTML element are so that I could easily follow what the script is doing?
Don't use logging for debugging. Use a debugger for debugging. Even IE (8 and up) has a debugger built in. If you want to know what the code is doing, there's nothing that substitutes for stepping through the code in the debugger and examining your various variables and such as you go.
But answering your specific question, I'd say I'd want to see the DOM element's tagName, className (e.g, class[es]), and id (if any).
I would use chrome when inspecting the console log, the objects actually come through so you can expand and see all of their properties. Keep in mind some of the older browsers, IE8 or 7, do not support console.log and it will throw a javascript error.