JavaScript — A Video Map Guide

Creation at Netscape The first popular web browser with a graphical user interface, Mosaic, was released in 1993. The lead developers of Mosaic then founded the Netscape corporation, which released a more polished browser, Netscape Navigator, in 1994. This quickly became the most-used. During these formative years of the Web, web pages could only be static, lacking the capability for dynamic behavior after the page was loaded in the browser. There was a desire in the flourishing web development scene to remove this limitation, so in 1995, Netscape decided to add a programming language to Navigator. They pursued two routes to achieve this: collaborating with Sun Microsystems to embed the Java language, while also hiring Brendan Eich to embed the Scheme language. The goal was a "language for the masses", "to help nonprogrammers create dynamic, interactive Web sites". Netscape management soon decided that the best option was for Eich to devise a new language, with syntax similar to Java and less like Scheme or other extant scripting languages. Although the new language and its interpreter implementation were called LiveScript when first shipped as part of a Navigator beta in September 1995, the name was changed to JavaScript for the official release in December. The choice of the JavaScript name has caused confusion, implying that it is directly related to Java. At the time, the dot-com boom had begun and Java was a popular new language, so Eich considered the JavaScript name a marketing ploy by Netscape. Adoption by Microsoft Microsoft debuted Internet Explorer in 1995, leading to a browser war with Netscape. On the JavaScript front, Microsoft created its own interpreter called JScript. Microsoft first released JScript in 1996, alongside initial support for CSS and extensions to HTML. Each of

"JavaScript" is a trademark of Oracle Corporation in the United States. The trademark was originally issued to Sun Microsystems on 6 May 1997, and was transferred to Oracle when they acquired Sun in 2009. A letter was circulated in September 2024, spearheaded by Ryan Dahl, calling on Oracle to free the JavaScript trademark. Brendan Eich, the original creator of JavaScript, was among the over 14,000 signatories who supported the initiative.

JavaScript is the dominant client-side scripting language of the Web, with 99% of all websites using it for this purpose. Scripts are embedded in or included from HTML documents and interact with the DOM. All major web browsers have a built-in JavaScript engine that executes the code on the user's device. Examples of scripted behavior Loading new web page content without reloading the page, via Ajax or a WebSocket. For example, users of social media can send and receive messages without leaving the current page. Web page animations, such as fading objects in and out, resizing, and moving them. Playing browser games. Controlling the playback of streaming media. Generating pop-up ads or alert boxes. Validating input values of a web form before the data is sent to a web server. Logging data about the user's behavior then sending it to a server. The website owner can use this data for analytics, ad tracking, and personalization. Redirecting a user to another page. Storing and retrieving data on the user's device, via the storage or IndexedDB standards. Libraries and frameworks Over 80% of websites use a third-party JavaScript library or web framework as part of their client-side scripting. jQuery is by far the most-used. Other notable ones include Angular, Bootstrap, Lodash, Modernizr, React, Underscore, and Vue. Multiple options can be used in conjunction, such as jQuery and Bootstrap. However, the term "Vanilla JS" was coined for websites not using any libraries or frameworks at all, instead relying entirely on standard JavaScript functionality.

The use of JavaScript has expanded beyond its web browser roots. JavaScript engines are now embedded in a variety of other software systems, both for server-side website deployments and non-browser applications. Initial attempts at promoting server-side JavaScript usage were Netscape Enterprise Server and Microsoft's Internet Information Services, but they were small niches. Server-side usage eventually started to grow in the late 2000s, with the creation of Node.js and other approaches. Electron, Cordova, React Native, and other application frameworks have been used to create many applications with behavior implemented in JavaScript. Other non-browser applications include Adobe Acrobat support for scripting PDF documents and GNOME Shell extensions written in JavaScript. Oracle used to provide Nashorn, a JavaScript interpreter, as part of their Java Development Kit (JDK) API library along with jjs a command line interpreter as of JDK version 8. It was removed in JDK 15. As a replacement Oracle offered GraalJS which can also be used with the OpenJDK which allows one to create and reference Java objects in JavaScript code and add runtime scripting in JavaScript to applications written in Java. JavaScript has been used in some embedded systems, usually by leveraging Node.js.

JavaScript engine .excerpt-hat This section is an excerpt from List of JavaScript engines. The first engines for JavaScript were mere interpreters of the source code, but all relevant modern engines use just-in-time compilation for improved performance. JavaScript engines are typically developed by web browser vendors, and every major browser has one. In a browser, the JavaScript engine runs in concert with the rendering engine via the Document Object Model and Web IDL bindings. However, the use of JavaScript engines is not limited to browsers; for example, the V8 engine is a core component of the Node.js runtime system. They are also called ECMAScript engines, after the official name of the specification. With the advent of WebAssembly, some engines can also execute this code in the same sandbox as regular JavaScript code. Runtime system A JavaScript engine must be embedded within a runtime system (such as a web browser or a standalone system) to enable scripts to interact with the broader environment. The runtime system includes the necessary APIs for input/output operations, such as networking, storage, and graphics, and provides the ability to import scripts. JavaScript is a single-threaded language. The runtime processes messages from a queue one at a time, and it calls a function associated with each new message, creating a call stack frame with the function's arguments and local variables. The call stack shrinks and grows based on the function's needs. When the call stack is empty upon function completion, JavaScript proceeds to the next message in the queue. This is called the event loop, described as "run to completion" because each message is fully processed before the next message is considered. However, the language's concurrency model describes the event loop as non-blocking: program I/O is

The following features are common to all conforming ECMAScript implementations unless explicitly specified otherwise. The number of cited reserved words including keywords is 50–60 and varies depending on the implementation. Imperative and structured Structured programming JavaScript supports much of the structured programming syntax from C (e.g., if statements, while loops, switch statements, do while loops, etc.). One partial exception is scoping: originally JavaScript only had function scoping with var; block scoping was added in ECMAScript 2015 with the keywords let and const. Like C, JavaScript makes a distinction between expressions and statements. One syntactic difference from C is automatic semicolon insertion, which allow semicolons (which terminate statements) to be omitted. Weakly typed Weakly typed JavaScript is weakly typed, which means certain types are implicitly cast depending on the operation used. The binary + operator casts both operands to a string unless both operands are numbers. This is because the addition operator doubles as a concatenation operator The binary - operator always casts both operands to a number Both unary operators (+, -) always cast the operand to a number. However, + always casts to Number (binary64) while - preserves BigInt (integer) Values are cast to strings as follows: Strings are left as-is Numbers are converted to their string representation Arrays have their elements cast to strings after which they are joined by commas (,) Other objects are converted to the string [object Object] where Object is the name of the constructor of the object Values are cast to numbers by casting to strings and then casting the strings to numbers. These processes can be modified by defining toString and valueOf functions on the prototype for string and number casting respectively. JavaScript has received criticism for

JavaScript syntax Variables in JavaScript can be defined using either the var, let or const keywords. Variables defined without keywords will be defined at the global scope. Arrow functions were first introduced in 6th Edition – ECMAScript 2015. They shorten the syntax for writing functions in JavaScript. Arrow functions are anonymous, so a variable is needed to refer to them in order to invoke them after their creation, unless surrounded by parenthesis and executed immediately. Here is an example of JavaScript syntax. // Declares a function-scoped variable named x, and implicitly assigns the // special value undefined to it. Variables without value are automatically // set to undefined. // var is generally considered bad practice and let and const are usually preferred. var x; // Variables can be manually set to undefined like so let x2 = undefined; // Declares a block-scoped variable named y, and implicitly sets it to // undefined. The let keyword was introduced in ECMAScript 2015. let y; // Declares a block-scoped, un-reassignable variable named z, and sets it to // a string literal. The const keyword was also introduced in ECMAScript 2015, // and must be explicitly assigned to. // The keyword const means constant, hence the variable cannot be reassigned // as the value is constant. const z = "this value cannot be reassigned!"; // Declares a global-scoped variable and assigns 3. This is generally considered // bad practice, and will not work if strict mode is on. t = 3; // Declares a variable named myNumber, and assigns a number literal (the value // 2) to it. let myNumber = 2; // Reassigns myNumber, setting it to a string literal (the value "foo"). // JavaScript is a dynamically-typed language, so this is legal. myNumber = "foo"; Note the comments in the examples above, all of which were preceded with two forward slashes. More exam

Browser security JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the Web. Browser authors minimize this risk using two restrictions. First, scripts run in a sandbox in which they can only perform Web-related actions, not general-purpose programming tasks like creating files. Second, scripts are constrained by the same-origin policy: scripts from one website do not have access to information such as usernames, passwords, or cookies sent to another site. Most JavaScript-related security bugs are breaches of either the same origin policy or the sandbox. There are subsets of general JavaScript—ADsafe, Secure ECMAScript (SES)—that provide greater levels of security, especially on code created by third parties (such as advertisements). Closure Toolkit is another project for safe embedding and isolation of third-party JavaScript and HTML. Content Security Policy is the main intended method of ensuring that only trusted code is executed on a Web page. Cross-site scripting Cross-site scripting A common JavaScript-related security problem is cross-site scripting (XSS), a violation of the same-origin policy. XSS vulnerabilities occur when an attacker can cause a target Website, such as an online banking website, to include a malicious script in the webpage presented to a victim. The script in this example can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim's authorization. One important solution to XSS vulnerabilities is HTML sanitization. Some browsers include partial protection against reflected XSS attacks, in which the attacker provides a URL including malicious script. However, even users of those browsers are vulnerable to other XSS attacks, such as those where the malicious code is stored in a database.

Important tools have evolved with the language. Every major web browser has built-in web development tools, including a JavaScript debugger. Static program analysis tools, such as ESLint and JSLint, scan JavaScript code for conformance to a set of standards and guidelines. Some browsers have built-in profilers. Stand-alone profiling libraries have also been created, such as benchmark.js and jsbench. Many text editors have syntax highlighting support for JavaScript code.

Java A common misconception is that JavaScript is directly related to Java. Both indeed have a C-like syntax (the C language being their most immediate common ancestor language). They are also typically sandboxed, and JavaScript was designed with Java's syntax and standard library in mind. In particular, all Java keywords were reserved in original JavaScript, JavaScript's standard library follows Java's naming conventions, and JavaScript's Math and Date objects are based on classes from Java 1.0. Both languages first appeared in 1995, but Java was developed by James Gosling of Sun Microsystems and JavaScript by Brendan Eich of Netscape Communications. The differences between the two languages are more prominent than their similarities. Java has static typing, while JavaScript's typing is dynamic. Java is loaded from compiled bytecode, while JavaScript is loaded as human-readable source code. Java's objects are class-based, while JavaScript's are prototype-based. Finally, Java did not support functional programming until Java 8, while JavaScript has done so from the beginning, being influenced by Scheme. JSON JSON is a data format derived from JavaScript; hence the name JavaScript Object Notation. It is a widely used format supported by many other programming languages. Transpilers Many websites are JavaScript-heavy, so transpilers have been created to convert code written in other languages, which can aid the development process. TypeScript and CoffeeScript are two notable languages that transpile to JavaScript. WebAssembly WebAssembly is a newer language with a bytecode format designed to complement JavaScript, especially the performance-critical portions of web page scripts. All of the major JavaScript engines support WebAssembly, which runs in the same sandbox as regular JavaScript code. asm.js is a subset of JavaScript that served as the forerunner