
JavaScript Interactive — a console crash course

5.7 Performance & Security

Performance and security are complex subjects that cannot be easily summarized to a simple lesson. But a number of points are worth making even in this short format.

  • Performance Myths. There are lots of poor recommendations and myths about optimizing JavaScript performance. Most of this advice should just be ignored. Or in the words of Don Knuth:

    We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%.
    So make sure to profile your application in the real world. And before tuning your source code according to anyone's advice, run it through at least two different JavaScript engines.
  • Garbage Collection. The HTML DOM objects that provide access to web page elements are very prone to causing JavaScript memory leaks, i.e. memory that cannot be reclaimed by the garbage collector. Use profiling to find them and avoid the following:
    • Circular references between an object and an HTML DOM node. Avoid them if possible or use the API.
    • Long-lived closures (function scopes) with a reference to an HTML DOM node. Any function that returns another function is susceptible to this kind of issue.
  • Security. The topic of web browser security is large and better explained elsewhere. It is worth noting here, though, that JavaScript does not provide any particular security mechanisms. Any code that is imported into a web page (e.g. via the <script> element) will have full access to the global scope variables, HTTP cookies and more. Importing code should therefore require a high degree of trust.
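
The shared-scope point above, as an added example that is not part of the original lesson: Node's vm module stands in for one page's global scope, and an included script reports what it can reach. The names makePage and auditExposure, the cookie jar and the token values are constructed for illustration, and the HttpOnly filtering that a browser applies to document.cookie is modelled by hand.

```javascript
// Added example: one vm context models the single global scope shared by every <script> on a page.
const vm = require('node:vm');

// Constructed cookie jar. Browsers withhold HttpOnly cookies from document.cookie.
const jar = [
  { name: 'theme', value: 'dark', httpOnly: false },
  { name: 'session', value: 'constructed-session-id', httpOnly: true },
];

// Build a page-like context whose document.cookie hides HttpOnly entries (hand-written model).
function makePage(cookies) {
  const document = {};
  Object.defineProperty(document, 'cookie', {
    get: () => cookies
      .filter((c) => !c.httpOnly)
      .map((c) => `${c.name}=${c.value}`)
      .join('; '),
  });
  return vm.createContext({ document });
}

// First-party script A declares a top-level var, which becomes a global property.
const firstPartyGlobal = "var apiToken = 'constructed-token-1';";
// First-party script B keeps its state inside a function scope and exports one function only.
const firstPartyScoped =
  "(function () { var apiToken2 = 'constructed-token-2';" +
  " globalThis.getGreeting = function () { return 'hi'; }; })();";

// Stand-in for any script included later: it only reports what is visible to it.
const includedScript = `({
  seesGlobalToken: typeof apiToken !== 'undefined' ? apiToken : null,
  seesScopedToken: typeof apiToken2 !== 'undefined' ? apiToken2 : null,
  cookies: document.cookie,
})`;

// Run all three scripts in the same context, in page order, and return the report.
function auditExposure(cookies) {
  const page = makePage(cookies);
  vm.runInContext(firstPartyGlobal, page);
  vm.runInContext(firstPartyScoped, page);
  return vm.runInContext(includedScript, page);
}

console.log(auditExposure(jar));
```

Keeping state out of the global scope and marking session cookies HttpOnly narrows what an included script can read, but the script still runs with the page's authority.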
