If you thought JavaScript is the bane of web-programming during these last 2 months of Comp527, where every other paper talked of security threats related to JavaScript, you are not the only person. Even Google, which has most of its client side web code in JavaScript, thinks so; and in fact as a radical change, it has introduced a new web-programming language Dart.
Dart is much like JavaScript, yet different.
It has the same desirable properties that made JavaScript popular (features liked by lazy and untamed programmers):
- Flexible.
- Familiar ( Java style coding).
- Easy to prototype and then build full app.
- High performance.
- Lots of library and readymade code.
It has other features that JavaScript does not have:
- Structure — JavaScript completely lacked structure (I loathed it coming from PL side), and Dart has it.
- It is typed, which means variables have a type. But as an easy transition for JavaScript coders, typedness is optional. Those who care about security at PL level can enforce type.
- Object oriented. You can have full classes and hierarchies which hints me you will easily have facility for private and public variables and ability to segregate trusted and untrusted code.
- Suitable for the full range of devices on the web—including phones, tablets, laptops, and servers.
Dart can be executed in two ways:
- On a native virtual machine
- On top of a JavaScript engine by using a compiler that translates Dart code to JavaScript.
You can write a web application in Dart and have it compiled and run on any modern browser. The Dart VM is not currently integrated in Chrome but Google has plans ;-).
So, Dart boasts these features:
- Optional types let you prototype quickly and then revise your code to be more maintainable. Dart provides, at the programmer’s option, a mixture of static and dynamic checking. When experimenting, the programmer can write untyped code for simple prototyping. As the application becomes larger and more stable, types can be added to aid debugging and impose structure where desired.
- Code portability in most modern web browsers (Chrome, Safari 5+, Firefox 4+) and on servers.
- Familiar code if you know a language or two, and you can use time-tested features such as classes and closures.
Further, the language comes with a set of basic libraries and tools for checking, compiling, and running Dart code.
Show me code:
Hello world in Dart:
|
|
Fibonacci in Dart:
|
|
Object oriented code in Dart, a point class:
|
|
Dart inside HTML:
|
<html> <body> <script type=”application/dart”> main() { Element element = document.getElementById(‘message’); element.innerHTML = ‘Hello from Dart’; } </script> <div id=”message”></div> </body> </html> |
For more details visit: http://www.dartlang.org/
This new language seems nice, but as with the majority of programming languages it might be too late. There are already so many programming languages or frameworks out there that promise to do the same thing. We all know the culprits are JS and/or HTML, but unfortunately it doesn’t seem we will get rid of them any time soon.
Running code on a native VM is very risky, as I’m guessing a lot of people won’t bother installing that unless it’s very widely used. Actually, the site says that Dart runs on a server side VM. It would be interesting to see how this works, as JS is mostly (can we say totally?) client side. Translating the code to JS seems nice for the purpose of reaching the largest audience, but we still need to see how safe the generated code is.
So what’s your opinion on the security properties of Dart? What differences do you see from current JavaScript/web browser security?
It is a language whose design is in progress. The point is it has type, it has structure; these enforce some sanity which JS lacked.
My take is that, as it evolves, class hierarchies will have different security properties because of which running 3rd party code (XSS) will not cause reading confidential values or modifing sensitive data.