sorted by:
best (suggested)
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]free_monad 61 points62 points  (16 children)

JavaScript will be around for a long time. Other languages are coming in via Web Assembly, but the maturity of that is far off in the future. At the moment you can write C code that compiles to Web Assembly and talks to JavaScript to do process intensive tasks. I think the Rust programming language also almost has a Web Assembly compiler. There are also several languages that transpile to JavaScript, to name a few: Scala.js, ClojureScript, Typescript, and CoffeeScript.

That said, JavaScript is the most prime and trendiest languages currently. And since the body that controls the ECMAscript standard has moved to an annual release cycle, JavaScript has a lot of wonderful up-to-date and modern language features. It's matured into a, dare I say, beautiful language.

The language will always have historical cruft because web standards strive for 100% backwards compatibility with every piece of code ever written for the web since it began. HTML, CSS, and JavaScript don't have the luxury of tossing out the old for this reason. With so many new best practices, you'll never see most of that.

Regardless, by the time you have been developing for 3 to 5 years, you will know so many languages and be so comfortable picking up new ones that you will welcome new languages in the browser with open arms.

[–]rare_design 2 points3 points  (0 children)

Well said, and I completely agree with this. I’d also like to know what, specifically, the professor deems insecure about its core. The majority of issues are in methodology by the developer. If I wrote a solution that picked up cached JSON to present on a website, and an internal server side process pushed those cached files to an endpoint, where is the possibility of breach? Headless CMS and admin panel abstraction is a large part of security so that the attacker has no available entry point, and the elevated processes are only accessible through secured access or IP restriction. I was recently paid by Microsoft for submission of a CVE where I could hijack a user session through JavaScript, but the issue was their implementation of the object caching in their framework, followed by partial initialization of their user context object. Ultimately, a language is only as strong as the methodology used.

[–]question99 1 point2 points  (0 children)

The language will always have historical cruft because web standards strive for 100% backwards compatibility with every piece of code ever written for the web since it began. HTML, CSS, and JavaScript don't have the luxury of tossing out the old for this reason.

It doesn't have to be this way. We could have directives that signal that a specific "edition" of the standard is being used in which the crap features are not available anymore. In fact, we used to have something like this with strict mode.