• darcy@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        almost forced to for web front end. why you would use it anywhere else, however, i will never know

        • Turun@feddit.de
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          The same reason people drive their car to buy groceries.

          You bought it for something where it was the only option, driving 30km to work everyday. But ever since you got it, the trip to the super market is kinda too hot in the summer and too cold in the winter and what if you spontaneously need to buy more than expected?

          People learn it for front end dev, and then they use what they know for back end too.

  • Lunya \ she/it@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    10 months ago

    I still don’t understand the === operator

    Edit: I think a more type strict ==? Pretty sure I understand the point of typescript now.

    • Mikina@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      10 months ago

      It’s also important if you’re checking hashes (at least, it was - if you’re using correct hashing algorithm that isn’t ancient, you will not have this problem).

      Because if you take for example “0e462097431906509019562988736854” (which is md5(“240610708”), but also applicable to most other hashing algorithms that hash to a hex string), if(“0e462097431906509019562988736854” == 0) is true. So any other data that hashes to any variantion of “0e[1-9]+” will pass the check, for example:

      md5("240610708") == md5("hashcatqlffzszeRcrt")

      that equals to

      "0e462097431906509019562988736854" == "0e242700999142460696437005736231"

      which thanks to scientific notation and no strict type checking can also mean

      0462097431906509019562988736854 == 0242700999142460696437005736231

      which is

      0 == 0 `

      I did use md5 as an example because the strings are pretty short, but it’s applicable to a whole lot of other hashes. And the problem is that if you use one of the strings that hash to a magic hash in a vulnerable site, it will pass the password check for any user who’s password also hashes to a magic hash. There’s not really a high chance of that happening, but there’s still a lot of hashes that do hash to it.

    • frezik@midwest.social
      link
      fedilink
      arrow-up
      2
      ·
      10 months ago

      The short answer is that your language needs === when it fucked up the semantics of ==, but it’s also too popular and you can’t fix it without breaking half the web.

    • SzethFriendOfNimi@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      10 months ago

      So in JavaScript there’s the assignment

      =
      

      and the comparator is

      ==
      

      Since there’s no types JS will do implicit conversion before comparison when using == in a case like this

      if(false == '0'){
          //this is true
      }
      

      But with === it doesn’t. It means literally compare these

      if(false === '0'){
          //this is false
      }else{
          //so this will execute instead 
      }
      

      But this, however, will

      var someState = false;
       if(someState === false){
          //this is true
      }
      
    • QuazarOmega@lemy.lol
      link
      fedilink
      arrow-up
      2
      ·
      10 months ago
      > 1 == 1
      true
      > 1 == '1'
      true
      > 1 === '1'
      false
      

      (from node REPL)

      Basically it’s the real equals sign perfection