Add "use strict" to all core JavaScript to enforce clean code

There are a lot more gotchas to using JavaScript in strict mode than just having to have your variables declared.

There happens to be a very recent article by Nicholas C. Zakas on this, with interesting comments from Paul Irish and Mathias Bynens.
http://www.nczonline.net/blog/2012/03/13/its-time-to-start-using-javascr...

I'm not against using "use strict"; in Drupal, but this should be thoroughly reviewed before going live. If not, we might break some JavaScript that gets dynamically added to the strict scopes or that fails other parts of the strict mode (like the 'this'-coercion).

I was referring to exposed objects (like window.jQuery & window.Drupal) that are used within strict scopes. In the event of a module manipulating them, could it break core JS as well?

I'm all for using strict mode, but before this is committed, perhaps we should look at all the things it affects and how that would impact the current JavaScript in /core/misc?

I'm talking about the typical jQuery IIFE:

(function ($) {
  // Any code here has access to the global jQuery object through
  // either jQuery, window.jQuery or $. As a result, any changes made
  // to jQuery outside of this IIFE could impact code inside this scope.
})(jQuery);

Same goes for Drupal.settings and any other global that is used by Drupal within a jQuery IIFE.
I'm not saying it will break code, I'm asking if it can. :)

All right, cool. That's the kind of reassurance I needed.
Patch looks good to me.

Makes sense to me.

Official specification: http://www.ecma262-5.com/ELS5_Annex_C.htm

A few human-readable effects: http://stackoverflow.com/a/4799455

Tagging coding standards for Jennifer, since it seems related.

So... It does seem like a good idea to put "use strict" in all the JavaScript files. But since our automated tests only do PHP at this time, I think we would need to do some extensive manual testing before I would say that nothing is broken by this patch. Like at least loading pages that include the JS files in several browsers, and verifying that they all compile correctly? Or better yet, making sure they still work? I don't know exactly what's necessary, and the comments above do not make that clear.

Also, I don't see any indication of exactly what testing or verification has been done for these files.

So can someone please update the issue summary with:
- In Proposed Resolution - what tests need to be done to verify this won't break anything (and maybe some justification of why this is enough)
- In Remaining Tasks - an indication that this testing has or hasn't yet been done.

Also, did someone verify that all the JS files in core now have "use strict" after this patch is applied? (assuming that they should)?

That sounds good, as far as the testing plan.

So did someone apply the patch and load all the pages that use JS, or all the JS files, to verify that they are all working? And verify that "tableheader" (is that the table sorting header or something else?) is still working?

And by the way, the only changes I see in this patch besides adding a lot of "use strict" everywhere are in user.js (adding a variable declaration). I don't think that is tableheader, so maybe that could use some more detailed testing too?

One more thing. Why is the "use strict" placed inside the $() { } instead of at the top of the file? Do all the JS files we have start with $() {}? Excuse my ignorance... I do *some* JS but it's not my main strength...

This is a D8-only patch. Basic manual testing has been performed. If something was missed, we can easily fix that in a follow-up.

I consider this change similar to updating to a new jQuery version. Instead of delaying the change almost forever on manual testing upfront, it is safe to get the change in first and fix whatever comes up later. At least at this point in the release cycle.

This will need a change notice and a update to the JavaScript coding standards handbook page.

Really? I didn't see anyone indicating they had done basic manual testing on all the files. And I wasn't aware that our policy in D8 was "patch first, ask questions later"?

I'll leave this for catch/Dries/webchick to deal with. Over my head. :)

With jQuery updates specifically, I've been letting those go in without extensive cross-browser testing because with no automated test coverage (well there is some now at branch level via testswarm I think, although it's not centralized on d.o yet) it feels better to get things tested in HEAD and sort out any issues after the fact. I'd consider being on the latest stable jQuery version an absolute blocker to an 8.0 release, and there's still plenty of time and other js patches which do require manual testing to find issues. However that's an external library rather than our own code, and it seems worth this getting a once over before commit if someone will do it - so adding the tag.

Well that didn't happen, so to keep things going with the js cleanup I'm going to go ahead and commit it, if it does cause bugs, then it'll be showing up an existing bug rather than actually adding a new one. Will need a change notification.

testing protocol

Thanks!

Thanks. Committed/pushed to 8.x.