DEV Community

Dan-Vy Le
Dan-Vy Le

Posted on


MJSQ 101: .call vs .apply, ternaries, and same-origin policy

More JavaScript Questions 101(MJSQ 101):

Continuing from my original blog post, more javascript 101 questions!:

What's the difference between .call and .apply?

.call and .apply are used to invoke functions. The first parameter will be the value to this function.

.call takes in comma-separated arguments as the next arguments
.apply takes in an array of arguments as the next argument

User Yangshun gives a great tip to remember:
C is for call and comma-separated
A is for apply and an array of arguments

function teamScored(a, b) {
  return a + " " + b;

console.log(, "It's a", "touchdown")); // "It's a touchdown!"
console.log(teamScored.apply(null, ["It's a", "touchdown"])); // "It's a touchdown!"

Why is it called a Ternary expression, what does the word "Ternary" indicate?

Ternary indicates three. A ternary expression accepts three operands:
1) the test condition
followed by a ?
2) an expression to operate if the test condition is truthy
followed by a :
3) and expression to operate if the test condition is falsy

This is commonly used to shorten up an if statement.

function ballCrossedGoalLine(isTouchdown) {
  return (isTouchdown ? 'Yes! It is a touchdown!' : 'No, the team was denied.');

//output: "Yes! It is a touchdown!"

//output: "No, the team was denied."

Explain the same-origin policy with regards to JavaScript.

The same-origin policy prevents JavaScript from making requests across domain boundaries. An origin is defined as a combination of protocol, host, and URL port. These three must be identical in the URLs that are used to access the content for them to be considered the same origin.

The purpose of the same-origin policy is to prevent scripts from accessing malicious content. Without the same-origin policy, a script could open a new browser window and trick the user into accessing sensitive content. The script could then read the content and transmit it to another server.

Here's a great explanation from It Pro Today: Let's say that a script hosted on is embedded in a web page that's hosted on using the script element's src attribute. The origin of the script is The origin of the script is the page's domain in which it's embedded. The script has full access to the content and properties of any page that's hosted on regardless of whether it's opened in new window or iframe. But if the script opens a new window and loads a document from or any other domain, then the same-origin policy comes into effect in which the script can't access the document's content or properties.

That's all for today, please leave any comments/questions/corrections in the comments. Thanks!


Huge huge thanks to github user: yangshun for aggregating the most popular JS, CSS and HTML questions and giving us his answers to it. My weekly blog posts are to go over several questions at a time to reinforce my knowledge of fundamental javascript as I grow my expertise in it. Many of my blog will be paraphrasing if not direct quote from his github. Find his tech interview handbook here and please support him!

And an additional thank you to Flatiron alum: Marissa O. who is a badass developer at Forbes magazine for directing me to his blog!

Other sources:

Top comments (0)