Tag Archives: Quality

JSLint: The JavaScript Code Quality Tool

Warning!

JSLint
will hurt your feelings.

What is JSLint?

JSLint
is a JavaScript program that looks for problems in JavaScript programs.
It is a code quality tool.

When C

was a young
programming language, there were several common programming errors that
were not caught by the primitive compilers, so an accessory program called
lint
was developed that would scan a source file, looking for problems.

As the language matured, the definition of the language was
strengthened to eliminate some insecurities, and compilers got better
at issuing warnings. lint is no longer needed.

JavaScript is a young-for-its-age
language. It was originally intended to do small tasks in webpages, tasks
for which Java was too heavy and clumsy. But JavaScript is a very capable
language, and it is now being used in larger projects. Many of the features
that were intended to make the language easy to use are troublesome for
larger projects. A lint for JavaScript is needed: JSLint,
a JavaScript syntax checker and validator.

JSLint takes a JavaScript source and scans it. If it finds
a problem, it returns a message describing the problem and an approximate
location within the source. The problem is not necessarily a syntax error,
although it often is. JSLint looks at some style conventions
as well as structural problems. It does not prove that your program is
correct. It just provides another set of eyes to help spot problems.

JSLint defines a professional subset of JavaScript, a stricter
language than that defined by Third
Edition of the ECMAScript Programming Language Standard
. The
subset is related to recommendations found in Code
Conventions for the JavaScript Programming Language
.

JavaScript is a sloppy language, but inside it there is an elegant, better
language. JSLint helps you to program in that better language
and to avoid most of the slop.

JSLint can operate on JavaScript source, HTML source, or JSON

text.

Global Variables

JavaScript’s biggest
problem
is its dependence on global variables, particularly implied
global variables. If a variable is not explicitly declared (usually with
the var statement), then JavaScript assumes that the variable
was global. This can mask misspelled names and other problems.

JSLint expects that all variables and functions are declared
before they are used or invoked. This allows it to detect implied global
variables. It is also good practice because it makes programs easier to
read.

Sometimes a file is dependent on global variables and functions that
are defined elsewhere. You can identify these to JSLint with a var statement that lists the global functions and objects
that your program depends on.

A global declaration can look like this:

var getElementByAttribute, breakCycles, hanoi;

The declaration should appears near the top of the file. It must appear before the use of the variables
it declares.

It is necessary to use a var statement to declare a variable before that variable is assigned to.

JSLint also recognizes a /*global */ comment that can indicate to JSLint that variables used in this file were defined in other files. The comment can contain a comma separated list of names. Each name can optionally be followed by a colon and either true or false, true indicated that the variable may be assigned to by this file, and false indicating that assignment is not allowed which is the default.

Some globals can be predefined for you. Select the Assume
a browser
(browser) option to
predefine the standard global properties that are supplied by web browsers,
such as document and alert. It has the same
effect as this comment:

/*global addEventListener: false, alert: false, blur: false, clearInterval: false, clearTimeout: false, close: false, closed: false, confirm: false, console: false, Debug: false, defaultStatus: false, document: false, event: false, focus: false, frames: false, getComputedStyle: false, history: false, Image: false, length: false, location: false, moveBy: false, moveTo: false, name: false, navigator: false, onblur: true, onerror: true, onfocus: true, onload: true, onresize: true, onunload: true, open: false, opener: false, opera: false, Option: false, parent: false, print: false, prompt: false, resizeBy: false, resizeTo: false, screen: false, scroll: false, scrollBy: false, scrollTo: false, setInterval: false, setTimeout: false, status: false, top: false, XMLHttpRequest: false */

The browser option does
not include the aliases of the global object, window and
self.

Select the Assume Rhino (rhino) option

to predefine the global properties provided by the Rhino environment.
It has the same effect as this statement:

/*global defineClass: false, deserialize: false, gc: false, help: false, load: false, loadClass: false, print: false, quit: false, readFile: false, readUrl: false, runCommand: false, seal: false, serialize: false, spawn: false, sync: false, toint32: false, version: false */

Select the Assume a Yahoo Widget (widget)
option to predefine the global properties provided
by the Yahoo! Widgets environment. It has the same effect as this statement:

/*global alert: true, animator: true, appleScript: true, beep: true, bytesToUIString: true, Canvas: true, chooseColor: true, chooseFile: true, chooseFolder: true, closeWidget: true, COM: true, convertPathToHFS: true, convertPathToPlatform: true, CustomAnimation: true, escape: true, FadeAnimation: true, filesystem: true, Flash: true, focusWidget: true, form: true, FormField: true, Frame: true, HotKey: true, Image: true, include: true, isApplicationRunning: true, iTunes: true, konfabulatorVersion: true, log: true, md5: true, MenuItem: true, MoveAnimation: true, openURL: true, play: true, Point: true, popupMenu: true, preferenceGroups: true, preferences: true, print: true, prompt: true, random: true, Rectangle: true, reloadWidget: true, ResizeAnimation: true, resolvePath: true, resumeUpdates: true, RotateAnimation: true, runCommand: true, runCommandInBg: true, saveAs: true, savePreferences: true, screen: true, ScrollBar: true, showWidgetPreferences: true, sleep: true, speak: true, Style: true, suppressUpdates: true, system: true, tellWidget: true, Text: true, TextArea: true, Timer: true, unescape: true, updateNow: true, URL: true, Web: true, widget: true, Window: true, XMLDOM: true, XMLHttpRequest: true, yahooCheckLogin: true, yahooLogin: true, yahooLogout: true */

Semicolon

JavaScript uses a C-like syntax which requires the use of semicolons to delimit
statements. JavaScript attempts to make semicolons optional with a semicolon
insertion mechanism. This is dangerous.

Like C, JavaScript has ++ and -- and ( operators
which can be prefixes or suffixes. The disambiguation is done by the semicolon.

In JavaScript, a linefeed can be whitespace or it can act as a semicolon.
This replaces one ambiguity with another.

JSLint expects that every statement be followed by ; except
for for, function, if, switch, try, and
while. JSLint does not expect to see unnecessary semicolons or the
empty statement.

Line Breaking

As a further defense against the semicolon insertion mechanism, JSLint
expects long statements to be broken only after one of these punctuation
characters or operators:

, . ; : { } ( [ = < > ? ! + - * / % ~ ^ | &

== != <= >= += -= *= /= %= ^= |= &= << >>

|| &&

=== !== <<= >>= >>> >>>=

JSLint does not expect to see a long statement broken after
an identifier, a string, a number, closer, or a suffix operator:

) ] ++ --

JSLint allows you to turn on the Tolerate sloppy line
breaking
(laxbreak) option.

Semicolon insertion can mask copy/paste errors. If you always break lines
after infix operators, then JSLint can do better at finding errors.

Comma

The comma operator can lead to excessively tricky expressions. It can also
mask some programming errors.

JSLint expects to see the comma used as a separator, but not as an
operator (except in the initialization and incrementation parts of the for
statement). It does not expect to see elided elements in array literals. Extra
commas should not be used. A comma should not appear after the last element
of an array literal or object literal because it can be misinterpreted by some
browsers.

Scope

In many languages, a block introduces a scope. Variables introduced in
a block are not visible outside of the block.

In JavaScript, blocks do not introduce a scope. There is only function-scope.
A variable introduced anywhere in a function is visible everywhere in
the function. JavaScript’s blocks confuse experienced programmers and
lead to errors because the familiar syntax makes a false promise.

JSLint expects blocks with function, if,
switch, while, for, do,
and try statements and nowhere else.

In languages with block scope, it is usually recommended that variables
be declared at the site of first use. But because JavaScript does not
have block scope, it is wiser to declare all of a function’s variables
at the top of the function. It is recommended that a single var
statement be used per function. This can be enforced with the onevar
option.

Required Blocks

JSLint expects that if, while,
do and for statements will be made with blocks
{that is, with statements enclosed in braces}.

JavaScript allows an if to be written like this:

if (condition)
    statement;

That form is known to contribute to mistakes in projects where many programmers
are working on the same code. That is why JSLint expects the use of
a block:

if (condition) {
    statements;
}

Experience shows that this form is more resilient.

Expression Statements

An expression statement is expected to be an assignment or a function/method
call or delete. All other expression statements are considered
to be errors.

for in

The for in statement allows for looping through
the names of all of the properties of an object. Unfortunately,
it also loops through all of the members which were inherited through
the prototype chain.
This has the bad side effect of serving up method
functions when the interest is in data members.

The body of every for in statement should be
wrapped in an if statement that does filtering. It can select
for a particular type or range of values, or it can exclude functions,
or it can exclude properties from the prototype. For example,

for (name in object) {
    if (object.hasOwnProperty(name)) {
        ....
    }

}

switch

A common
error
in switch statements is to forget to place a break
statement after each case, resulting in unintended fall-through. JSLint

expects that the statement before the next case or default
is one of these: break, return, or throw.

var

JavaScript allows var definitions to occur anywhere
within a function. JSLint is more strict.

JSLint expects that a var will be declared
only once, and that it will be declared before it is used.

JSLint expects that a function
will be declared before it is used.

JSLint expects that parameters will not also be declared
as vars.

JSLint does not expect the arguments array to be declared
as a var.

JSLint does not expect that a var will be defined in a block.
This is because JavaScript blocks do not have block scope. This can have
unexpected consequences. Define all variables at the top of the function.

with

The with statement was intended to provide a shorthand in accessing
members in deeply nested objects. Unfortunately, it behaves very
badly
when setting new members. Never use the with statement. Use
a var instead.

JSLint does not expect to see a with statement.

=

JSLint does not expect to see an assignment statement in
the condition part of an if or for or while

or do statement. This is because it is more
likely that

if (a = b) {
    ...
}

was intended to be

if (a == b) {
    ...
}

It is difficult to write correct programs while using idioms that are
hard to distinguish from obvious errors. If you really intend an assignment,
wrap it in another set of parens:

if ((a = b)) {
    ...
}

== and !=

The == and != operators do type coercion before
comparing. This is bad because it causes ' \t\r\n' == 0 to
be true. This can mask type errors.

When comparing to any of the following values, use the ===

or !== operators (which do not do type coercion): 0
'' undefined null false true

If you only care that a value is truthy or falsy,
then use the short form. Instead of

(foo != 0)

just say

(foo)

and instead of

(foo == 0)

say

(!foo)

The === and !== operators are preferred. There
is an eqeqeq option that requires
the use of === and !== in all cases.

Labels

JavaScript allows any statement to have a label, and labels have a
separate name space. JSLint is more strict.

JSLint expects labels only on statements that interact
with break: switch, while,
do, and for. JSLint expects that labels
will be distinct from vars and parameters.

Unreachable Code

JSLint expects that
a return, break, continue,
or throw statement will be followed by
a } or case or default.

Confusing Pluses and Minuses

JSLint expects that + will not be followed by
+ or ++, and that - will not be followed
by - or --. A misplaced space can turn + + into ++, an error that is difficult to see. Use parens to avoid confusion..

++ and --

The ++ (increment) and -- (decrement)
operators have been known to contribute to bad code by encouraging excessive
trickiness. They are second only to faulty architecture in enabling to
viruses and other security menaces. There is a plusplus option

that prohibits the use of these operators.

Bitwise Operators

JavaScript does not have an integer type, but it does have bitwise operators.
The bitwise operators convert their operands from floating point to integers
and back, so they are not as efficient as in C or other languages. They
are rarely useful in browser applications. The similarity to the logical
operators can mask some programming errors. The bitwise option
prohibits the use of these operators: << >> >>>
~ & |
.

eval is evil

The eval function (and its relatives, Function,
setTimeout, and setInterval) provide access
to the JavaScript compiler. This is sometimes necessary, but in most cases
it indicates the presence of extremely bad coding. The eval
function is the most misused feature of JavaScript.

void

In most C-like languages, void is a type. In
JavaScript, void is a prefix operator that always
returns undefined. JSLint does not expect to
see void because it is confusing and not very useful.

Regular Expressions

Regular expressions are written in a terse and cryptic notation. JSLint
looks for problems that may cause portability problems. It also attempts
to resolve visual ambiguities by recommending explicit escapement.

JavaScript’s syntax for regular expression literals overloads the /
character. To avoid ambiguity, JSLint expects that the character
preceding a regular expression literal is a ( or =

or : or , character.

Constructors and new

Constructors are functions that are designed to be used with the new
prefix. The new prefix creates a new object based on the
function’s prototype, and binds that object to the function’s
implied this parameter. If you neglect to use the new

prefix, no new object will be made and this will be bound
to the global object. This is a serious
mistake
.

JSLint enforces the convention that constructor functions
be given names with initial uppercase. JSLint does not expect
to see a function invocation with an initial uppercase name unless it
has the new prefix. JSLint does not expect to
see the new prefix used with functions whose names do not
start with initial uppercase. This can be controlled with the newcap

option.

JSLint does not expect to see the wrapper forms new Number,
new String, new Boolean.

JSLint does not expect to see new Object (use {}

instead).

JSLint does not expect to see new Array (use []
instead).

Unsafe Characters

There are characters that are handled inconsistently in browsers, and
so must be escaped when placed in strings.

\u0000-\u001f
\u007f-\u009f
\u00ad
\u0600-\u0604
\u070f
\u17b4
\u17b5
\u200c-\u200f
\u2028-\u202f
\u2060-\u206f
\ufeff
\ufff0-\uffff

Not Looked For

JSLint does not do flow analysis to determine that variables are assigned
values before used. This is because variables are given a value (undefined)
which is a reasonable default for many applications.

JSLint does not do any kind of global analysis. It does
not attempt to determine that functions used with new are
really constructors (except by enforcing capitalization
conventions
), or that property names are spelled correctly (except
for matching against the /*members */ comment
).

HTML

JSLint is able to handle HTML text. It can inspect the JavaScript content
contained within <script></script> tags. It
also inspects the HTML content, looking for problems that are known to interfere
with JavaScript:

  • All tag names must be in lower case.
  • All tags that can take a close tag (such as </p>)
    must have a close tag.
  • All tags are correctly nested.
  • The entity &lt; must be used for literal '<'.

JSLint is less anal than the sycophantic conformity demanded
by XHTML, but more strict than the popular browsers.

JSLint also checks for the occurrence of '</' in
string literals. You should always write '<\/' instead.
The extra backslash is ignored by the JavaScript compiler but not by the
HTML parser. Tricks like this should not be necessary, and yet they are.

There is a cap option that allows
use of upper case tag names. There is also an on option

that allows the use of inline HTML event handlers.

There is a fragment option that can
inspect a well formed HTML fragment. If the adsafe option
is also used, then the fragment must be a <div> that
conforms to the ADsafe widget rules.

CSS

JSLint can inspect CSS files. It expects the first line
of a CSS file to be

@charset "UTF-8";

This feature is experimental. Please report any problems or limitations.
There is a css option that will tolerate
some of the non-standard-but-customary workarounds.

Options

JSLint provides several options that control its operation and
its sensitivity. In the web edition, the
options are selected with several checkboxes and two fields. Clicking on
the button will give
you the ideal settings.

It also provides assistance in constructing /*jslint*/
comments.

When JSLINT is called as a function, it accepts an option object
parameter that allows you to determine the subset of JavaScript that is
acceptable to you. The web page version of JSLint at http://www.JSLint.com/
does this for you.

Options can also be specified within a script with a /*jslint */

comment:

/*jslint nomen: true, debug: true,
    evil: false, onevar: true */

An option specification starts with /*jslint. Notice that
there is no space before the j. The specification contains
a sequence of name value pairs, where the names are JSLint
options, and the values are true or false. The
indent option can take a number. A /*jslint */

comment takes precedence over the option object.

Description option Meaning
ADsafe adsafe true if ADsafe

rules should be enforced. See http://www.ADsafe.org/.

Disallow bitwise operators bitwise true if bitwise operators should not be allowed. (more)
Assume a browser browser true if the standard browser globals should be predefined.
(more)
Tolerate HTML case cap true if upper case HTML should be allowed.
Require Initial Caps for constructors newcap true if Initial Caps must be used with constructor
functions. (more)
Tolerate CSS workarounds css true if CSS workarounds should be tolerated. (more)
Tolerate debugger statements debug true if debugger statements should be
allowed. Set this option to false before going into production.
Disallow == and != eqeqeq true if === should be required. (more)
Tolerate eval evil true if eval should be allowed. (more)
Tolerate unfiltered for in forin true if unfiltered for in

statements should be allowed. (more)

Tolerate HTML fragments fragment true if HTML fragments should be allowed. (more)
Require parens around immediate invocations immed true if immediate function invocations must be wrapped
in parens
Strict white space indentation indent The number of spaces used for indentation (default is 4)
Tolerate sloppy line breaking laxbreak true if statement breaks should not be checked. (more)
Maximum number of errors maxerr The maximum number of warnings reported (default is 50)
Maximum line length maxlen The maximum number of characters in a line
Disallow dangling _ in identifiers nomen true if names should be checked for initial or trailing underbars
Tolerate HTML event handlers on true if HTML event handlers should be allowed. (more)
Allow one var statement per function onevar true if only one var statement per function
should be allowed. (more)
Stop on first error passfail true if the scan should stop on first error.
Disallow ++ and -- plusplus true if ++ and -- should
not be allowed. (more)
Predefined ( , separated) predef An array of strings, the names of predefined global variables.
predef is used with the option object, but not
with the /*jslint */ comment. Use the var

statement to declare global variables in a script file.

Disallow insecure . and [^]. in /RegExp/ regexp true if . and [^] should not be allowed in RegExp
literals. These forms should not be used when validating in secure applications.
Assume Rhino rhino true if the Rhino
environment globals should be predefined. (more)
Safe Subset safe true if the safe subset rules are enforced. These rules
are used by ADsafe. It enforces
the safe subset rules but not the widget structure rules.
Assume a Windows Sidebar Gadget sidebar true if the Windows
Sidebar Gadgets
globals should be predefined. (more)
Require "use strict"; strict true if the ES5 "use strict"; pragma
is required.
Tolerate inefficient subscripting sub true if subscript notation may be used for expressions
better expressed in dot notation.
Disallow undefined variables undef true if variables must be declared before used. (more)
Strict white space white true if strict whitespace rules apply.
Assume a Yahoo Widget widget true if the Yahoo
Widgets
globals should be predefined. (more)

Members

Since JavaScript is a loosely-typed, dynamic-object language, it is not
possible to determine at compile time if property names are spelled correctly.
JSLint provides some assistance with this.

At the bottom of its report, JSLint displays a /*members*/
comment. It contains all of the names and string literals that were used
with dot notation, subscript notation, and object literals to name the
members of objects. You can look through the list for misspellings. Member
names that were only used once are shown in italics. This is to make misspellings
easier to spot.

You can copy the /*members*/ comment into your script file.
JSLint will check the spelling of all property names against
the list. That way, you can have JSLint look for misspellings
for you.

Report

If JSLint is able to complete its scan, it generates a function
report. It lists for each function:

  • The line number on which it starts.
  • Its name. In the case of anonymous functions, JSLint
    will "guess" the name.
  • The parameters.
  • Closure: The variables and parameters that are declared in
    the function that are used by its inner functions.
  • Variables: The variables that are declared in the function
    that are used only by the function.
  • Exceptions: The variables that are declared by try statements.
  • Unused: The variables that are declared in the function that
    are not used. This may be an indication of an error.
  • Outer: Variables used by this function that are declared in
    another function.
  • Global: Global variables that are used by this function. Keep
    these to a minimum.
  • Label: Statement labels that are used by this function.

The report will also include a list of all of the member
names
that were used. There is a list of JSLint
messages
.

Feedback

Please let me know if JSLint is useful for you. Is it too
strict? Is there a check or a report that could help you to improve the
quality of your programs? douglas@crockford.com

I intend to continue to adapt JSLint based on your comments.
Keep watching for improvements. Updates are announced at http://tech.groups.yahoo.com/group/jslint_com/.

Try it

Try it. Paste your script
into the window and click the

button. The analysis is done by a script running on your machine.
Your script is not sent over the network. You can set the options used.
The button in the
Options area will preset the best options for you.
JSLint is also available in a WSH Command Line version.
JSLint is also available in a Rhino Command Line

version.

Tools For Unit Testing Java Web Applications

There are a lot of ways to do unit tests, but sometimes unit testing becomes difficult. This could be because we need to test a Struts action or we do not want the unit tests to hit the database. So, the question is what tools can we use for testing java web applications? This is not meant as a complete and thorough overview, just some of the tools we know of or have looked into at some time. In many cases, you will find that the testing code is very repetitive, so we may end up building frameworks on top of these frameworks. I am sure I missed something or maybe even your favorite, so just leave me a comment.

Basic Java Testing – JUnit and TestNG are the most popular tools for basic java unit testing. JUnit typically has a small advantage as it has been around longer and is included with most packages of Eclipse. However, I do not think one is really better than the other, they are just different.

Mock Objects – EasyMock and jMock are popular mock objects frameworks. Sometimes you have to simulate the way another system works, and mock objects are perfect for this. You can even create your own mock object, but the frameworks make it easy to avoid extra code.

Database Interaction – DBUnit is really the only decent framework I have seen. It allows you to insert data before the test is run and cleans up after the test is complete. However, capturing the appropriate data for a test is not simple for anything but the most trivial applications.

User Interface Testing – UI testing is notoriously difficult and many applications skip it entirely. If you are testing your generated html, you will want to look at the following tools and determine which best suits your needs. This is a special case, as there is no “one true way” to test the user interface. These are all free tools as I am a fan of keeping things as cheap as possible if the tools are good enough.

* Selenium – Maybe the most complete package of the bunch and supports testing in IE, FireFox and Safari. Your unit tests are written in java, so you just need to learn the API. They also have interesting server options where you can run your tests across servers. You can even record tests using a FireFox add-on.
* Canoo WebTest – This is another framework that can record tests with a FireFox add-on. The tests for WebTest are typically written in xml files. This gives you the option to build a library of fragments of functionality to include in various tests. You can also write your tests in Groovy or use the Java API directly. These can also be run directly from within Ant.
* Watij – This is a port of the popular Ruby testing framework, Watir. The tests are written in Java using their API. They also include BeanShell so that you can interactively test your code. This is a really interesting option if you are not sure what a unit test should look like initially.
* JWebUnit – This is more of a meta-framework, where it can build upon HtmlUnit or Selenium. HtmlUnit is fairly good by itself, but sometimes a framework is just too low-level for some people or people find that they keep doing the same things and decide to build upon the framework. There is one problem with JWebUnit, the documentation is very sparse, so the learning curve ciould be problematic.
* Cactus – This is another meta-framework, but this is from Apache. It is meant as a wrapper for testing an entire application from basic java testing, servlet testing and down to the user interface testing. Due to this meta concept, the documentation can be a bit vague. However, I have heard good things from those people that spent the time to learn more. Disappointingly, I have not had the time to dive into it much.

There are a lot of other tools out there as well. FitNesse is very popular, but it takes a very distinct approach to how unit tests are built. For Struts applications, there is a framework called StrutsTestCase that is immensely helpful as well. For a big list of testing and related software, take a look at XProgramming.com. They list testing frameworks for almost every language. Lastly, it is always a good idea to know how well your software is tested. This is not a question of whether all of your tests pass, but how much of the code is actually tested. My favorite test code coverage tool is Cobertura. It is fairly simple to use and the reports are generated in a similar manner to how JUnit generates reports.

So, if you know of a good free java testing tool, drop me a note in the comments. Sometimes a good tool may not be getting enough publicity or I may not have had time to look at it. In any case, keep testing until you have good test coverage. And remember the testing mantra, “Red, Green, Refactor”