— a console crash course
5.7 Performance & Security
Performance and security are complex subjects that cannot be
easily summarized to a simple lesson. But a number of points are
worth making even in this short format.
- Performance Myths. There are lots poor
performance. Most of this advice should just be ignored. Or in
the words of Don Knuth:
We should forget about small efficiencies, say about 97% of
the time: premature optimization is the root of all evil.
Yet we should not pass up our opportunities in that
So make sure to
your application in the real world. And before tuning your
source code according to anyones advice, run it through
jsperf.com and at least two
- Garbage Collection. The HTML DOM objects
that provide access to web page elements are very prone to
reclaimed by the garbage collector. Use profiling to find them
and avoid the following:
- Circular references between an object
and an HTML DOM node. Avoid them if possible or use the
- Long-lived closures (function scopes)
with a reference to an HTML DOM node. Any function that
returns another function is susceptible to these kind
- Security. The topic of
browser security is large and better explained elsewhere.
any particular security mechanisms. Any code that is imported
to a web page (e.g. via the
will have full access to the global scope variables, HTTP
cookies and more. This should require a high degree of trust.