
Remove two anti-patterns from the AppMeasurement.js code




Two known anti-patterns are used within the AppMeasurement.js JavaScript code:


1. It accidentally exposes internal variables by not utilizing the `var` keyword to restrict variable scope.

2. It utilizes "lax" equivalence/inequivalence check operators.


Accidentally globally scoping variables allows any object that has access to the page to "see" the contents of these variables. If they include sensitive information, such as cookie values, an attacker with access to the page could see these exposed values. Additionally, globally scoped variables can introduce accidental errors into a program, as they may accidentally "overwrite" a global variable used by another program, or have their values overwritten by the same.


JavaScript includes two "types" of equivalence checks, which could be classified as "strict checks" and "lax checks". When working with numbers, booleans, null, undefined, and objects, strict equivalence checks are preferred, both for purposes of correctness as well as avoidance of accidental misbehavior. This behavior becomes apparent especially when working with numbers and booleans: JavaScript will assert that `"2" == 2` is true, whereas `"2" === 2` is false; this is due to the fact that "lax" equivalence checks will attempt to do type coercion prior to checking the equivalence of the two sides. This is further compounded by the fact that JavaScript has some odd constructs for what constitutes a number, and can lead to undefined behavior. The standard recommendation is to use strict equivalence (===) and strict inequivalence (!==) whenever values are to be checked.


For further details see:

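The two anti-patterns described in the post above, as an added example that is not part of the original post and not AppMeasurement.js code: a check that reports which names a function leaks onto the global object, next to a side-by-side of lax and strict comparison. The function names, `visitorId` and the sample cookie string are hypothetical.

```javascript
// Added example; every name below is hypothetical, not taken from AppMeasurement.js.

// Tracker body that forgets `var`: the assignment creates a property on the
// global object. Function() is used so the body is sloppy-mode code even when
// this file is loaded as a strict module.
const leakyTrack = new Function("cookie", `
  visitorId = cookie.split("=")[1];   // implicit global: no var/let/const
  return visitorId;
`);

// Same logic with the variable scoped to the function.
const scopedTrack = new Function("cookie", `
  var visitorId = cookie.split("=")[1];
  return visitorId;
`);

// Run fn and report which property names it added to the global object.
function findGlobalLeaks(fn, ...args) {
  const before = new Set(Object.getOwnPropertyNames(globalThis));
  fn(...args);
  const leaked = Object.getOwnPropertyNames(globalThis)
    .filter((name) => !before.has(name));
  for (const name of leaked) delete globalThis[name]; // restore the global object
  return leaked;
}

// Compare one string value against candidates with both operator families.
function compareBoth(value, candidates) {
  return candidates.map((candidate) => ({
    candidate,
    loose: value == candidate,   // coerces types before comparing
    strict: value === candidate, // compares type and value
  }));
}

const SAMPLE_COOKIE = "demo_id=abc123"; // constructed sample value

console.log("leaky version adds:", findGlobalLeaks(leakyTrack, SAMPLE_COOKIE));
console.log("scoped version adds:", findGlobalLeaks(scopedTrack, SAMPLE_COOKIE));
console.table(compareBoth("0", [0, false, "0", null]));
```

Running `findGlobalLeaks` over a library's entry points in a test suite is one way to catch a missing `var` before release; strict mode turns the same mistake into a `ReferenceError` at the assignment.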