On 28 August 2012 09:57, Tim Starling tstarling@wikimedia.org wrote:
On 28/08/12 13:04, Daniel Friesen wrote:
I still can't believe the high-level jQuery answer after all these years to "Select a div with an id provided by the user" is "Use `$( "div#" + userInput )` and hope there are no special characters. Or find some way to escape it yourself." when low-level DOM can just query by ID, and there is no reason for jQuery to force people to express everything in queries they parse when they could actually declare portions of a query with object notations.
I share your reservations about jQuery; I voiced them at the time it was introduced to MediaWiki. I trolled the proponents by musing about how awesome jQuery would be if the selector engine (Sizzle) were removed.
Personally, I would use document.getElementById() to do that. It's standard, and it's faster and more secure. More complex selectors derived from user input can be replaced with jQuery.filter() etc. with no loss of performance.
The selector thing is a query language, and very powerful / abusable. Pretty much like SQL or any other 4th-generation programming language.
It is high level, so you always have the risk of people doing something weird, but it normally allows jQuery programs to do in 3 lines of code what would normally take 30 or 50 lines. These 3 lines have less probability to be bug-free, and show intention better than the low-level enhanced JavaScript code. The JavaScript language is hard in a non-obvious way, and this help is necessary.
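The two options discussed in this thread, as an added example that is not part of the original messages: escaping a user-supplied ID before it reaches a selector string, and skipping the selector engine with `getElementById`. The function names and the sample input are assumptions made for illustration; the escaper follows the CSSOM "serialize an identifier" steps.

```javascript
// Added example. Escaper follows the CSSOM "serialize an identifier" steps
// (the algorithm behind CSS.escape); all inputs below are constructed.
function cssEscapeIdent(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    const isDigit = code >= 0x30 && code <= 0x39;
    if (code === 0) {
      out += "\uFFFD"; // NUL is replaced, never emitted
    } else if ((code >= 0x01 && code <= 0x1f) || code === 0x7f ||
               (i === 0 && isDigit) ||
               (i === 1 && isDigit && s.charCodeAt(0) === 0x2d)) {
      out += "\\" + code.toString(16) + " "; // hex escape, e.g. "1" -> "\31 "
    } else if (i === 0 && code === 0x2d && s.length === 1) {
      out += "\\-"; // a lone "-" is not a valid identifier
    } else if (code >= 0x80 || code === 0x2d || code === 0x5f || isDigit ||
               (code >= 0x41 && code <= 0x5a) || (code >= 0x61 && code <= 0x7a)) {
      out += s.charAt(i); // identifier characters pass through
    } else {
      out += "\\" + s.charAt(i); // everything else gets a backslash
    }
  }
  return out;
}

// The pattern from the thread: user input becomes selector syntax.
function naiveSelector(userInput) {
  return "div#" + userInput;
}

// Same query shape, but the input can only ever be an ID.
function escapedSelector(userInput) {
  return "div#" + cssEscapeIdent(userInput);
}

// No selector parsing at all: look the ID up directly, then check the tag.
// `doc` is any object with getElementById (the browser's `document`).
function findDivById(doc, userInput) {
  const el = doc.getElementById(String(userInput));
  return el && el.tagName === "DIV" ? el : null;
}

const sample = "x, form"; // constructed input
console.log(naiveSelector(sample));   // div#x, form   (now a two-part selector list)
console.log(escapedSelector(sample)); // div#x\,\ form (still a single ID)
```

In current browsers `CSS.escape()` provides the same escaping natively, so the hand-written function is only needed where that API is unavailable.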