Here’s a quick presentation I did at Hack Reactor NYC on Javascript’s strict mode.

Intro

  • Introduced in ECMAScript 5
  • Is a way to opt in to a restricted variant of JavaScript, that intentionally has different semantics from normal code.
  • Browsers not supporting strict mode will run strict mode with different behavior

Major Changes

  • Eliminates some silent errors, changing them to throw errors
  • Strict mode fixes mistakes that make it difficult for JavaScript to perform optimizations
  • Can sometimes be made to run faster than identical code that’s not strict mode

Strict Mode is Not Strictly Typed.

Strict mode is not TypeScript (with strict types / type checking, transpiles to vanilla JavaScript).

(╯ರ ~ ರ)╯︵ ┻━┻

Unofficial Term for Non-Strict Mode

“Sloppy mode.”
ಠ_ಠ

Invoking Strict Mode

  • Applies to entire scripts or individual functions.
  • Doesn’t apply to block statements in {} braces.
  • Eval code, function code, event handler attributes, and strings passed to WindowTimers.setTImeout() and the like are entire scripts. Invoking strict mode works as expected.
  • Put the exact statement "use strict"; or 'use strict'; before any other statements.

Warning

  • Concatenating a strict mode script with a non-script mode script renders the entire concatenated script strict!
  • And the reverse: non-script plus script renders the entire script non-strict. ಠ_ಠ
  • Thus, it’s recommended that you enable strict mode on a function-by-function basis.

Strict mode for functions

1
2
3
4
5
6
7
function strict() {
// Function-level strict mode syntax
'use strict';
function nested() { return 'And so am I!'; }
return "Hi! I'm a strict mode function! " + nested();
}
function notStrict() { return "I'm not strict."; }

Three Major Categories of Fixes

  • Converting mistakes into errors
  • SImplifying how the particular variable for a given use of a name is computed
  • Changes simplifying eval and arguments
  • Changes making it easier to write “secure” javascript (ಠ◡ಠ)
  • Changes anticipating future ECMAScript evolution.

Converting Mistakes into Errors

  • JavaScript sometimes gives operations which should be errors non-error semantics
    • Under strict mode, it’s
      • Impossible to accidentally create global variables
      • Assignments that otherwise fall silent (e.g. assigning to NaN ) throw exceptions
      • Makes attempts to delete undeletable properties throw exceptions

More Mistakes to Errors

- Duplicate property names are errors
- Requires that function parameter names be unique
- Forbids octal syntax: `var sum = 015` becomes a syntax error. Octal values are assigned through the prefix `0a`.
- Forbids setting properties on primitive values. (`false.true = ''; // throws TypeError`)

Simplifying Variable Uses

  • Prohibits with
    1
    2
    3
    4
    5
    6
    7
    8
    var x = 17;
    with (obj) { // !!! syntax error
    // If this weren't strict mode, would this be var x, or
    // would it instead be obj.x? It's impossible in general
    // to say without running the code, so the name can't be
    // optimized.
    x;
    }

Simplifying Variable Uses - Eval

  • eval of strict mode code does not introduce new variables into the surrounding scope.
  • Makes eval and arguments simpler. (Complex: reference the MDN)

“Securing” JavaScript

  • The value passed as this to a function in strict mode is not forced into being an object. For a normal function, this is always an object.
    • This can expose the global object, which is a security hazard (◉︵◉).
  • No longer possible to “walk” the javascript stack via commonly-implemented extensions to ECMAScript.
    • fun.caller and fun.arguments are non-deletable properties which throw exceptions when set or retrieved.
  • arguments for strict mode functions no longer provide access to the corresponding function call’s variables.

Paving the Way for Future ECMAScript Versions

  • A short list of identifiers become reserved keywords: implements, interface, let, package, private, protected, public, static, and yield
  • Strict mode prohibits function statements not at the top level of a script or function