|Paradigm||Multi-paradigm: prototype-based, functional, imperative, scripting|
|Designed by||Brendan Eich|
|Developer||Netscape Communications Corporation, Mozilla Foundation|
|Latest release||1.8/ 2008|
|Typing discipline||dynamic, weak, duck|
|Dialects||JScript, JScript .NET|
|Influenced by||Self, C, Scheme, Perl, Python, Java|
The following features are common to all conforming ECMAScript implementations, unless explicitly specified otherwise.
- conditional clauses
- property getter and setter functions
- iterator protocol adopted from Python
- shallow generators/coroutines also adopted from Python
- array comprehensions and generator expressions also adopted from Python
- proper block scope via new keyword
- array and object destructuring (limited form of pattern matching)
- concise function expressions ()
LCMCalculator: a = 28, b = 56, gcd = 28, lcm = 56 LCMCalculator: a = 21, b = 56, gcd = 7, lcm = 168 LCMCalculator: a = 25, b = 55, gcd = 5, lcm = 275 LCMCalculator: a = 22, b = 58, gcd = 2, lcm = 638
- Opening or popping up a new window with programmatic control over the size, position, and attributes of the new window (i.e. whether the menus, toolbars, etc. are visible).
- Validation of web form input values to make sure that they will be accepted before they are submitted to the server.
- Changing images as the mouse cursor moves over them: This effect is often used to draw the user's attention to important links displayed as graphical elements.
Furthermore, scripts will not work for all users. For example, a user may:
- use an old or rare browser with incomplete or unusual DOM support,
- or be visually or otherwise disabled and use a speech browser
XSS vulnerabilities can also occur because of implementation mistakes by browser authors.
Another cross-site vulnerability is cross-site request forgery or CSRF. In CSRF, code on an attacker's site tricks the victim's browser into taking actions the user didn't intend at a target site (like transferring money at a bank). It works because, if the target site relies only on cookies to authenticate requests, then requests initiated by code on the attacker's site will carry the same legitimate login credentials as requests initiated by the user. In general, the solution to CSRF is to require an authentication value in a hidden form field, and not only in the cookies, to authenticate any request that might have lasting effects. Checking the HTTP Referrer header can also help.
These flaws have affected major browsers including Firefox, Internet Explorer, and Safari.
In Windows Vista, Microsoft has attempted to contain the risks of bugs such as buffer overflows by running the Internet Explorer process with limited privileges.Google Chrome similarly limits page renderers to an operating-system-enforced "sandbox."
- ActionScript, the programming language used in Adobe Flash, is another implementation of the ECMAScript standard.
- ECMAScript was included in the VRML97 standard for scripting nodes of VRML scene description files.
|Version||Release date||Equivalent to||NetscapeNavigator||MozillaFirefox||InternetExplorer||Opera||Safari||GoogleChrome|
|1.3||October 1998||ECMA-262 1 edition / ECMA-262 2 edition||4.06-4.7x||4.0|
|1.5||November 2000||ECMA-262 3 edition||6.0||1.0||5.5 (JScript 5.5),|
6 (JScript 5.6),
7 (JScript 5.7),8 (JScript 6)
|1.6||November 2005||1.5 + Array extras + Array and String generics + E4X||1.5||3.0, 3.1|
|1.7||October 2006||1.6 + Pythonic generators + Iterators + let||2.0||3.2, 4.0||1.0|
|1.8||June 2008||1.7 + Generator expressions + Expression closures||3.0|
|1.8.1||1.8 + Minor Updates||3.5|
|1.9||1.8.1 + ECMAScript 5 Compliance||4|