-
_.clone(options) passed in to a function - is a simple (shallow) clone correct / enough? Nested objects and arrays will be copied by reference (Underscore docs for clone: "Create a shallow-copied clone of the provided plain object. Any nested objects or arrays will be copied by reference, not duplicated.").
-
Escape all user-entered content before rendering it to a template
-
If you need to pass an HTML entity into a template (like &thinsp;), use the Unicode equivalent (\u2009) to avoid having to unescape it (and open up a potential vulnerability)
-
double escaping
model.escape('name'); //template will *also* escape
-
replace backbone initialize with constructor (so you can identify the class by name when debugging)
-
use moment.utc over Date to avoid timezone issues
-
hard-coded expected values in tests - when you get the name programmatically, it might mask a bug:
var person = {name: 'Hello'};
expect(person.name).toEqual(person.name);
var person = {firstname: 'Hello'};
expect(person.name).toEqual(person.name); // undefined equals undefined
// and test is still green and we have a bug
- Parsing strings to numbers: The parseInt() and parseFloat() functions parse a string until they reach a character that isn't valid for the specified number format, then return the number parsed up to that point. However the "+" operator simply converts the string to NaN if there is any invalid character in it. Just try parsing the string "10.2abc" with each method by yourself in the console and you'll understand the differences better.
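The escaping items above (escape user content, prefer \u2009 over an HTML entity, avoid double escaping) shown together in one added example, which is not code from the original notes. `escapeHtml` and `render` are hypothetical stand-ins for `model.escape()` and an auto-escaping template, and the sample strings are constructed.

```javascript
// Added example: escapeHtml/render are hypothetical stand-ins, not
// Backbone's or Underscore's own implementation.
const ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;'
};

function escapeHtml(value) {
  // null/undefined become '' instead of the text "undefined"
  const text = value == null ? '' : String(value);
  return text.replace(/[&<>"'`]/g, (ch) => ENTITIES[ch]);
}

// Minimal template: every {{ key }} is escaped exactly once at render time.
function render(template, data) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g,
    (match, key) => escapeHtml(data[key]));
}

// Constructed sample input: a user-entered name containing markup.
const userName = 'Tom & <b>Jerry</b>';
const tpl = '<span>{{ name }}</span>';

// 1. Escaped once, by the template: the markup is rendered as text.
function escapedOnce() {
  return render(tpl, { name: userName });
}

// 2. Double escaping: escaped in the model AND again in the template.
//    The user sees literal "&amp;" and "&lt;b&gt;" on the page.
function escapedTwice() {
  return render(tpl, { name: escapeHtml(userName) });
}

// 3. An entity in the data is mangled by escaping, which tempts people
//    to switch escaping off for that field ...
function thinSpaceEntity() {
  return render('{{ label }}', { label: '10&thinsp;km' });
}

// 4. ... while the Unicode character passes through the escaper untouched,
//    so the field can stay escaped.
function thinSpaceUnicode() {
  return render('{{ label }}', { label: '10\u2009km' });
}
```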