This post explains how the
with statement works in JavaScript and why its use is discouraged.
Syntax and semantics
Syntax:
with (object)
statement
introduces the properties of
object as local variables in
statement. Example (the braces are optional for single statements, but it is recommended to add them):
> with({ first: "John" }) { console.log("Hello "+first); }
Hello John
Its intended use is to avoid redundancy when accessing an object several times.
foo.bar.baz.bla = 123;
foo.bar.baz.yadda = "abc";
with turns this into:
with(foo.bar.baz) {
bla = 123;
yadda = "abc";
}
There is one similar case in JavaScript where the properties of an object are turned into variables and that is the global object
window. All of its properties are global variables and vice versa. While new global variables are automatically added to
window, the
with statement works differently: variables that are declared inside it are not added to its argument, but to the surrounding function, where they still exist after leaving it.
> with({}) { var x = "abc"; }
> x
'abc'
The with statement is deprecated
The use of the
with statement is generally discouraged. It is forbidden in strict mode:
> function foo() { "use strict"; with({}); }
SyntaxError: strict mode code may not contain 'with' statements
Best practice: Don’t use a
with statement.
with(foo.bar.baz) {
console.log("Hello "+first+" "+last);
}
Do use a temporary variable with a short name.
var b = foo.bar.baz;
console.log("Hello "+b.first+" "+b.last);
If you don’t want to expose the temporary variable
b to the current scope, you can use an
IIFE:
(function() {
var b = foo.bar.baz;
console.log("Hello "+b.first+" "+b.last);
}());
You also have the option of making the object that you want to access a parameter of the IIFE:
(function(b) {
console.log("Hello "+b.first+" "+b.last);
}(foo.bar.baz));
The rationale of the deprecation
To understand why
with is deprecated, look at the following example and notice how the function’s argument completely changes how it works.
function foo(arg) {
with(arg) {
console.log("arg: "+arg)
}
}
Interaction:
> foo("Hello");
arg: Hello // parameter arg
> foo({});
arg: [object Object] // parameter arg
> foo({ arg: "Hello" });
arg: Hello // property arg.arg
There are thus two problems that the
with statement causes:
- Performance: one cannot optimize the access to arg (or to any other variable used inside with), because one cannot predict whether arg will refer to a real variable or to a property inside the with argument. That can change with each call.
- Security: you cannot determine what an identifier refers to by looking at its syntactic surroundings (its lexical environment). According to Brendan Eich that was the actual reason why with was deprecated, not performance considerations. Quoting a tweet of his:
with violates lexical scope, making program analysis (e.g. for security) hard to infeasible.
2 comments:
I'd say that the ambiguity of the "with" statement is known to many developers who have been working with JS a bit longer, and while I never came into a situation where I felt like I wanted/had to use it, others at least seem to see proper use cases: http://webreflection.blogspot.com/2009/12/with-worlds-most-misunderstood.html. It would be interesting to know how often it is actually being used out there. But I guess many developers won't really miss it.http://webreflection.blogspot.com/2009/12/with-worlds-most-misunderstood.html. It would be interesting to know how often it is actually being used out there. But I guess many developers won't really miss it.
Thanks, good link.
Post a Comment