From: http://www.2ality.com/2011/12/strict-equality-exemptions.html
JavaScript has two operators for determining whether two values are equal:
- The strict equality operator === only considers values equal that have the same type.
- The “normal” (or lenient) equality operator == tries to convert values of different types, before comparing like strict equality.
The advice given to JavaScript beginners is to completely forget about == and to always use ===.
But what is the reason behind not using the == operator? Will it result in a security risk?
But using the typeof operator we can be sure that the result will be a string. Then == is safe to use, because we can be sure that it won’t perform any conversion shenanigans:
    if (typeof x == "function") {
        ...
    }
edited Apr 2, 2013 at 16:11 by NullUserException
asked Apr 2, 2013 at 16:01 by Maizere Pathak.Nepal
4 Answers
The == operator is OK to use when the code is comfortable with implicit conversions taking place under the hood. This process, while counterintuitive at times, is well defined.
However I would still absolutely use === in the sample you provided. When no conversions are expected to take place then using == introduces confusion to the reader. It says "I expect conversions" when in fact no conversions could occur. You should be using the most specific operator which satisfies the condition you are looking for.
    if (typeof x === "function") {
        ...
    }
If you're sure that it won't do any "conversion shenanigans", as per your example, then yes, you should still use ===, because you'll save the parser the effort of having to work out whether it needs to do a conversion. So you'll get better performance. (marginal, but still)
This isn't about security; it's about performance and about doing things the right way.
The only time you should use double equal is where you know in advance that you definitely do want to use JavaScript's implicit type conversion. This might be the case for example if you want to check the numeric value of an input field (which would be string). But even then, in a lot of cases you would be better to convert the value manually first.
In short, use the === syntax everywhere unless you are certain that you need the implicit conversion functionality of ==.
When I originally read your question I thought of two scenarios:
- When comparing user inputted values to integers
- When comparing an object to null or undefined, because null does not explicitly equal undefined
But I did a little reading around and came across this, which is a pretty strong case for never using ==. I suppose it depends on your intentions: if you want a quick (and arguably nasty) catch-all then use ==, but it's probably better practice (and a little extra work) to implement an explicit comparison.
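
The input-field and null/undefined cases raised in the two answers above, as an added example that is not part of either answer or of the 2ality post: it shows which constructed values == accepts as equal to a number, and how an explicit conversion followed by === narrows that set. The helper names looseEquals, explicitEquals, isNil and compareAll are assumptions made for this illustration.

```javascript
// Added example: helper names are hypothetical, sample values are constructed.

// Loose check, as in "compare an input field's value to a number".
function looseEquals(input, n) {
  return input == n; // a non-number operand is coerced to a number first
}

// Explicit conversion: accept only plain decimal digits, then compare strictly.
function explicitEquals(input, n) {
  if (typeof input !== "string" || !/^[0-9]+$/.test(input)) return false;
  return Number(input) === n;
}

// The null/undefined case, spelled out; for ordinary values this gives the
// same result as `v == null`.
function isNil(v) {
  return v === null || v === undefined;
}

// Constructed inputs, as a text field or a parsed JSON body might deliver them.
const samples = [
  ["5", 5],     // the intended case
  ["", 0],      // empty field coerces to 0
  ["  \n", 0],  // whitespace-only string coerces to 0
  ["0x10", 16], // hex literal syntax is accepted by the coercion
  ["1e1", 10],  // so is exponent notation
  [[5], 5],     // array -> "5" -> 5
  [true, 1],    // boolean -> 1
];

// One row per sample: what == says versus what the explicit check says.
function compareAll() {
  return samples.map(([input, n]) => ({
    input: JSON.stringify(input),
    expected: n,
    loose: looseEquals(input, n),
    explicit: explicitEquals(input, n),
  }));
}

console.table(compareAll());
```

Every row is true under ==, while only the first row passes the explicit check.
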
If they will both be a string, you have no reason not to use ===.
== isn't recommended because you might forget to use 'typeof' in that kind of a scenario, or you might simply not realize that the types can't 'naturally' be compared... of course you can still use it, but you should really only use it if you actually need to compare different types and understand when the results will be true/false in those types.
=== in JavaScript, even once. – Niet the Dark Absol Commented Apr 2, 2013 at 16:02
=== ain't broke, don't fix it. – Waleed Khan Commented Apr 2, 2013 at 16:03
== operator when you know you'll need an implicit conversion to be performed. – NullUserException Commented Apr 2, 2013 at 16:05
mysql_* functions, that doesn't mean I am going to use them. For one, prepared statements are much more readable than anything mysql_* offers. And also they will be removed from PHP in the future. – NullUserException Commented Apr 2, 2013 at 16:10