1. The Crockford’s subset does not include which function in JavaScript?
a) eval()
b) coeval()
c) equal()
d) equivalent()
Explanation: The Crockford’s subset does not include the with and continue statements or the eval() function. It defines functions using function definition expressions only and does not include the function definition statement.
2. What does javascript use instead of == and !=?
a) It uses bitwise checking
b) It uses === and !== instead
c) It uses equals() and notequals() instead
d) It uses equalto()
Explanation: The subset does not include the comma operator, the bitwise operators, or the ++ and — operators. It also disallows == and != because of the type conversion they perform, requiring use of === and !== instead.
3. What is being imposed on each subset to ensure that it conforms to the subset?
a) A parser to parse the code
b) A parser that parses and adds to the subset
c) A static verifier that parses code
d) A predefined function to parse the code
Explanation: Each subset is coupled with a static verifier that parses code to ensure that it conforms to the subset.
4. Why was “The Good Parts” designed as a language subset in JavaScript?
a) To improve programmer flexibility
b) To balance the workload of the programmer
c) To create an in-built compiler and interpreter
d) To improve programmer productivity
Explanation: The Good Parts is a language subset designed for aesthetic reasons and with a desire to improve programmer productivity. There is a larger class of subsets that have been designed for the purpose of safely running untrusted JavaScript in a secure container or “sandbox”.
5. Which is the subset that is a secure container designed for the purpose of safely running untrusted JavaScript?
a) Sandbox
b) The Good Parts
c) Both Sandbox and Good Parts
d) Web browser
Explanation: There is a larger class of subsets that have been designed for the purpose of safely running untrusted JavaScript in a secure container or “sandbox”.
6. Why is "this" keyword not preferred in JavaScript?
a) Highly memory consuming
b) Functions should access the global objects
c) Functions should not access the global objects
d) Very inefficient to use
Explanation: The this keyword is forbidden or restricted because functions (in non-strict mode) can access the global object through this. Preventing access to the global object is one of the key purposes of any sandboxing system.
7. Which are the two functions that are not allowed in any secure subset?
a) evaluate() and restrict()
b) eval() and the Function() constructor
c) debugger() and test()
d) eval() and debugger()
Explanation: eval() and the Function() constructor are not allowed in any secure subset because they allow the execution of arbitrary strings of code, and these strings cannot be statically analyzed.
8. Which is the object that defines methods that allow complete control over page content?
a) The client-side document object
b) The server-side document object
c) Both client-side and server-side document object
d) Web document object
Explanation: A web page is divided into two object documents in which one is client-side document object and the other is server-side document object. The client-side document object defines methods that allow complete control over page content
9. Which was one of the first security subsets proposed?
a) FBJS
b) Caja
c) dojox.secure
d) ADSafe
Explanation: ADsafe was one of the first security subsets proposed) It was created by Douglas Crockford (who also defined The Good Parts subset). ADsafe relies on static verification only, and it uses JSLint as its verifier. It forbids access to most global variables and defines an ADSAFE variable that provides access to a secure API, including special-purpose DOM methods. ADsafe is not in wide use, but it was an influential proof-of-concept that influenced other secure subsets.
10. Which is the subset that transforms web content into secure modules that can be safely hosted on a web page?
a) Microsoft Web Sandbox
b) ADsafe
c) Caja
d) dojox.secure
Explanation: Caja is Google’s open-source secure subset. Caja (Spanish for “box”) defines two language subsets. Cajita (“little box”) is a narrow subset like that used by ADsafe and dojox.secure. Valija (“suitcase” or “baggage”) is a much broader language that is close to regular ECMAScript 5 strict mode (with the removal of eval()). Caja itself is the name of the compiler that transforms (or “cajoles”) web content (HTML, CSS, and JavaScript code) into secure modules that can be safely hosted on a web page without being able to affect the page as a whole or other modules on the page.