Monday, April 18, 2011

JavaScript: Perfectly Encapsulated May Mean Perfectly Untestable

It's no secret that JavaScript is like Lisp in that you can accomplish amazing things using a huge number of small, nested functions. In fact, you can write things like:
(function () {
function pickNose() {
}

function fart() {
}

pickNose();
fart();
})();
In this code, an anonymous function is defined and immediately called. pickNose() and fart() are two internal functions that are used by the outer function, but they are not available to the outside world.

It's amazing what you can get done using nested closures like this, but there's a cost. How do you write tests for pickNose() and fart()? Certainly, you can write a test for the outer function as a whole, but there's no way to test those inner functions in a standalone way without doing some refactoring. In a certain sense, the code is like a script in that you can test the thing as a whole, but you can't test the parts in a standalone way.

What's the solution? I'm sure there are many. You could have the outer function take a parameter such that when the correct value is passed, the code could flip over to testing mode and test itself. Another approach is to use Douglas Crockford's module pattern. The outer function could return an object that has references to the inner functions. That way you can call them externally and test them. However, that may not be an option if you are really paranoid about the outside world getting references to those functions.

In my opinion, getting overly paranoid about people calling your inner functions isn't very fruitful. JavaScript doesn't have much to help you keep modules away from each other. As soon as you have hostile JavaScript on the page, it's sort of game over. All of the JavaScript operates with the same permissions--it's not like you can sandbox a particular module.

Furthermore, it's difficult if not impossible to prevent people from just grabbing your JavaScript source code and hacking it to do whatever they want (especially if they can rely on the help of an external server). To state the obvious, JavaScript doesn't have very good internal security boundaries, so your server must always be distrustful of the JavaScript that it's talking to. Of course, that's the way the web has worked for as long as I've been coding.

2 comments:

Shailen Tuli said...

How do you test the internal functions? You don't. How about giving the outer function a name and defining/calling the inner functions anonymously? You would loose the colorful names, admittedly, but you could make up for that by naming the outer function imaginatively. Then you can write tests for the outer function. You wouldn't be unit-testing in that case, but you always have preferred a more holistic/integrated approach to testing anyway, right?

Shannon -jj Behrens said...

If the inner function has some complicated, purely functional logic that simply takes a value and returns a value, there is real value in unit testing it. If the outer function involves lots of DOM manipulation, it may not be possible to fully test the logic of the internal function because it's too hard to test it via its affect on the DOM. As much as I like integration testing, unit testing has real value too.