Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Programming

Microsoft Adds Support For JavaScript Functions in Excel (bleepingcomputer.com) 171

An anonymous reader shares a report: At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. What this means is that Excel users will be able to use JavaScript code to create a custom Excel formula that will appear in Excel's default formula database. Users will then be able to insert and call these formulas from within Excel spreadsheets, but have a JavaScript interpreter compute the spreadsheet data instead of Excel's native engine. "Office developers have been wanting to write JavaScript custom functions for many reasons," Microsoft says, "such as: (1) Calculate math operations, like whether a number is prime. (2) Bring information from the web, like a bank account balance. (3) Stream live data, like a stock price."
This discussion has been archived. No new comments can be posted.

Microsoft Adds Support For JavaScript Functions in Excel

Comments Filter:
  • by khandom08 ( 1319863 ) on Tuesday May 08, 2018 @12:00PM (#56574260)

    ....

    • by bobstreo ( 1320787 ) on Tuesday May 08, 2018 @12:04PM (#56574292)

      The worst?

        With the tight security model Microsoft (and intel) always holds, combined with the track record of Javascript, they sky is the limit!

      • by Gr8Apes ( 679165 )
        My personal take is there weren't enough holes in Excel, so time to add a new holey framework implemented, of course, by the best MS could outsource.
      • While Dante's inferno depicts several circles of Hell with the Devil in the center/bottom circle stuck in the floor being tortured for eternity - that's really not even the limit, there's another less well-known circle of Hell smack in the center: the Devil's colon. That is where this will go. That said, it's better than VBA.
        • by Oswald McWeany ( 2428506 ) on Tuesday May 08, 2018 @01:25PM (#56574916)

          While Dante's inferno depicts several circles of Hell with the Devil in the center/bottom circle stuck in the floor being tortured for eternity - that's really not even the limit, there's another less well-known circle of Hell smack in the center: the Devil's colon. That is where this will go. That said, it's better than VBA.

          It's barely better than VBA. JavaScript is (in the 21st Century) the equivalent of VBA in the 90's. Quick, crude, and unstructured; it's the "rabble" of languages.

          • Not only that, but it's still going to have to use the existing Office App data model which is half of why VBA is such a clusterfuck in the first place. Which is to say a bunch of bizarre COM bindings and related retardation.

            • by aberglas ( 991072 ) on Tuesday May 08, 2018 @08:42PM (#56577700)

              No, it does not use the Excel Object Model.

              The Excel Object model is actually very good. Sensible and clean (ignoring recent horrors like the ribbon). COM is a mess, but the object model is excellent.

              Moving to JavaScript does not merely men replacing End If with {}. The JavaScript model runs in a client server style, with futures etc. Much, much more complex. That is the essence of the change, Not the actual language.

              10 lines of VBA becomes 100 lines of the new Java API. And is impossible for non-programmers to write. And that is what VBA supports, non programmers.

              In VBA you can even record a macro, see the object handling, and then tidy it up afterwards. Excellent.

              What actual users of Excel want is the VBA to be properly supported. It was abandoned for .Net, which was unusable by non programmers and very difficult to deploy. And now the fashion is Javascript. But since when to developers listen to uses? Wot's hot and wot's not. That is what counts.

          • JavaScript is a hell of a lot better than VBA. There are no words for how bad is VBA.
            • VBA is actually an excellent language, better than JavaScript. The main advantage is that it includes static typing which is a killer feature for larger programs. VBA has classes and properties and dynamic typing, only thing missing is closures which are rather esoteric. There are a few historical quirks in both languages.

              End If is actually better than {}s, because the compiler can detect errors -- the {} approach was introduced in Algol 60, replaced with End If (actually Fi) in Algol 68 (1968). Most l

      • by Anonymous Coward

        Spectre will make this easy to scrape credentials and whatnot from memory.

        Goes like this

        1. Ransomware infected document makes its rounds in email.

        2. Files encrypted, and credentials uploaded to the Internet.

        3. Machines and Domain Controllers 0w3ned! Backups purged to prevent recovery.

        4. The compromised organization folds, people lose their job.

        5. Parents without income, children go hungry.

      • You forget, marketing is in charge of development. For every security bug patched, Microsoft marketing introduces new and exciting security holes to improve the user experience.

    • You beat me to it.
    • by Anonymous Coward

      Sooooo, this is how SkyNet begins...

      • by q_e_t ( 5104099 )
        If SkyNet is relying on JavaScript an attack on any one of five dozen servers it is downloading vital code from will defeat it.
  • I'm listening... (Score:4, Interesting)

    by MightyYar ( 622222 ) on Tuesday May 08, 2018 @12:02PM (#56574280)

    This could be good, if they handle errors well. If they use the same default "fail silently" practice as they do with VBA functions, then it will be just as dangerous as those are.

  • Yes (Score:5, Funny)

    by cascadingstylesheet ( 140919 ) on Tuesday May 08, 2018 @12:03PM (#56574288)
    The only thing better than VB in a spreadsheet is JavaScript. This is awesome.
    • Re:Yes (Score:5, Insightful)

      by jellomizer ( 103300 ) on Tuesday May 08, 2018 @12:13PM (#56574366)

      Which is at least an Open Standard Programming language. Which works on different OS's and hardware architecture. And designed to run relatively safely on your PC.
      VB is a hold over the Bad Old days of Microsoft. Where to get the feature you needed the entire ecosystem. Even the long time Office for the Mac, didn't didn't support VBscript (or at least not completely)

      The biggest issue I have, is people using Excel and Access as their programming environment, to try to bypass us egotistical developers and get a program running fast. Only to have it break a year down the line and get those egotistical developers digging in poorly written and designed system to make heads or tail on what went wrong.

      • How is JavaScript designed to run relatively safely on your PC?
        • Re:Yes (Score:5, Funny)

          by Opportunist ( 166417 ) on Tuesday May 08, 2018 @12:29PM (#56574500)

          By turning it off.

        • Being that JavaScript has been running on browsers for close to 20 years. While not 100% secure. It is designed to not to interact with your actual PC, just in the container it is designed to run it (the browser) we have been safe from a lot of the nonsense that Microsoft has exposed us to in the past, with VB Script and Active X controls.
          The vulnerabilities in Javascript have been quickly fixed and isn't a flaw in the language but in the interpreter. While the Microsoft languages, where designed in era w

          • What does this have to do with a browser? This is Excel. I can write a JS program that will erase your hard drive if I am running it in a shell.
            • Feel free to post a link to the source

              • Re: Yes (Score:4, Insightful)

                by flink ( 18449 ) on Tuesday May 08, 2018 @02:40PM (#56575492)

                What does this have to do with a browser? This is Excel. I can write a JS program that will erase your hard drive if I am running it in a shell.

                Feel free to post a link to the source


                var fso = new ActiveXObject( "Scripting.FileSystemObject" );
                fso.deleteFolder( "C:\\", true );

                • by lgw ( 121541 )

                  pwnt

                • So that isn't available in VBA already? What makes that more of a security hole in JS?

                  • by flink ( 18449 )

                    So that isn't available in VBA already? What makes that more of a security hole in JS?

                    It's not a security hole in JS per se, and of course you can do exactly the same thing in VBA. But the statement was "This is Excel. I can write a JS program that will erase your hard drive if I am running it in a shell.", and you invited someone to post source backing that up, which I did.

                    The point, and I think we agree on this, is that no language, be it VB, JS, perl, or python, is inherently dangerous. It's all about the context in which they are run and the APIs they have access to. JS in the browser

    • Re:Yes (Score:5, Interesting)

      by Anonymous Coward on Tuesday May 08, 2018 @12:20PM (#56574428)

      There is a huge group of computer-using professionals that live and breathe Excel.

      They are not programmers. But they do have script-kiddie level of competence, which they use for making Excel formulas and macros.

      These people are in love with Excel, and when they submit requirements for actual software development, they adamantly insist that the software accept Excel documents as input, and that everything the program does be controlled by Excel.

      This creates terrible inefficiency, gobbles up memory, slows the system down, injects an endless stream of bugs and support issues, and lets utterly unqualified people inject code into complex systems with little-to-no insight as to what-all is going to break because of it. But if you try to convince them to allow you to implement some of that logic in a proper coding language, they flatly refuse.

      So, of all the programming languages that are common in the industry, which one is most likely to be one that this class of user has encountered, tampered with, and prefers?

      Of course javascript. One of the Internet's oldest mistakes, and one of the worlds most sloppy and dangerous tools, will be put into the hands of non-programmer power-users to use right in the center of complex mission-critical systems that directly impact things like....oh I dunno....large sums of money moving around.

      The world is run by the wrong people.

      • Fire these idiots and replace them with people who have a brain.

        I consider this fixed and close the ticket with your permission.

      • There is a huge group of computer-using professionals that live and breathe Excel.

        You have had too much of that white powder - those are not computer professionals - they are either zombies or aliens.

        • There is a huge group of computer-using professionals that live and breathe Excel.

          You have had too much of that white powder - those are not computer professionals - they are either zombies or aliens.

          Worse. They're MBAs.

        • I used to think the same way, but the reality is these are people IT has failed. They have a need and IT has repeatedly failed to deliver it to them over the years. Sure what they produce quality wise is absolute shit, but they produce it because that shit is better than the nothing you are delivering them. One of the constant thing I am fighting nowadays is the self entitled IT, they think IT is special and business must follow IT rather than understanding IT exists to provide the business with a service,
      • by lgw ( 121541 )

        These people are in love with Excel, and when they submit requirements for actual software development, they adamantly insist that the software accept Excel documents as input, and that everything the program does be controlled by Excel.

        This creates terrible inefficiency, gobbles up memory, slows the system down, injects an endless stream of bugs and support issues, and lets utterly unqualified people inject code into complex systems with little-to-no insight as to what-all is going to break because of it. But if you try to convince them to allow you to implement some of that logic in a proper coding language, they flatly refuse.

        Lo, I was beset by such ills, and I went to the mountaintop. Upon the mountaintop was a burning bush, and in a booming voice it spoke:

        C S V

        So it is written. So let it be done.

        (Seriously, tell your Excel jockies the input format is CSV, or TSV, or whatever. As a bridge between Excel and real code, it's a gift from God. They can play to their hearts' content in Excel, but they have to give you plain data, and accept plain data from you.)

    • "Your document is taking too long to load. Do you wish to cancel running the scripts or continue to wait?"

  • by xack ( 5304745 ) on Tuesday May 08, 2018 @12:06PM (#56574298)
    One of the first “apps” for this will be yet another cryptocurrency miner that will be spread around an organization’s spreadsheets.
  • Personally, I think this capability could be extremely useful and should be pursued.

    But, my first thought was to type handling - both environments largely handle data typing automagically and I would like to see how incompatible types are recognized and handled. I would worry about JavaScript's tendency to ignore failures and carry on as best it can without notifying the user as being a significant concern. For this reason, I would consider Python to be a better choice.

    I wish in the TFA, when they referen

    • by AvitarX ( 172628 )

      I'm pretty excited because it seems like it will make it quite easy to use regex to filter.

      Currently, I have to either use google sheets, or contort something that abuses functions to get some filters done.

      • Regex is already available in Excel through a reference to "Microsoft VBScript Regular Expressions 5.5".

  • by bogaboga ( 793279 ) on Tuesday May 08, 2018 @12:19PM (#56574424)

    Folks, I will have to say that this development is very welcome though what really saddens me is this: -

    There's no Open Source Excel alternative that comes even close to what Excel can do.

    To make matters worse, there's no [serious] effort to create anything capable.

    • by jandrese ( 485 ) <kensama@vt.edu> on Tuesday May 08, 2018 @12:41PM (#56574584) Homepage Journal
      Which Excel features are missing from Openoffice Calc that are a showstopper for you?
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Running existing Excel macros, Power Pivot, lots of chart types, external data sources, multithreading.

        • by guruevi ( 827432 ) <evi AT evcircuits DOT com> on Tuesday May 08, 2018 @01:46PM (#56575104) Homepage

          I think you shouldn't be using Excel at that point anymore. If your "data scientist" is using Excel, fire him, immediately.

          • What should you be using instead?

          • If your "data scientist" is using Excel, fire him, immediately.

            I think that's a bit harsh. I've got a friend that, that is their job and it wasn't until a lot of crying and begging did they approve Python and R for install on the laptops. You've got to remember that sometimes you just have to work with the tools that upper management will allow.

            I'm not suggesting that, that justifies anything, just that sometimes it's hard to get non-data folks to agree to thing, even free things.

          • the point of many of those features is you don't need a data scientist to do it. The fact you do with CALC is a huge negative.
        • by jandrese ( 485 )
          I take it OpenOffice Data Pivots [activitydata.org] are insufficient?
        • by jandrese ( 485 )
          Excel macros are a bit of a minefield, but you can try enabling them [openoffice.org] in OpenOffice if you are feeling brave.
      • The main one for me is tables. In LibreOffice Calc, I can give a range a name, and I can add an AutoFilter, and I can create my own total row, and I'm sure I can put together some kind of nice style for the table of data, with alternating row colors. In Excel, it's a one-click action. From there, I can also easily add a formula to a cell, and have to copy down to all rows. Each row has its own name, making formulas referring to cells within the table easier to read.

        There have been other Excel niceties m

    • by guruevi ( 827432 ) <evi AT evcircuits DOT com> on Tuesday May 08, 2018 @01:48PM (#56575116) Homepage

      You must never have heard of SQL, Python, R, ...

      Try opening an Excel sheet with 15,000 lines and applying a filter... (I just got one of those in my Inbox - 2MB Excel sheet, takes 2 minutes to re-render any changes on an 8-core i7 (Excel: using 16 threads... 4%)

      • Have you seen the google sheets created by crowd sourced data?

        There is one where people who booked Tesla Model 3 are entering data to predict info Tesla is not revealing, VIN, production rates, etc etc. 5000 people collaborative editing. Pictures, charts, rolling 21 day averages, historic charts predicting wait times for each color + wheel combination, and what not..

        There is one used by Indian/Chinese H1B applicants tracking the reports of who got what when. I have not seen it, but it supposed to be ove

  • No, not JavaScript! (Score:5, Interesting)

    by null etc. ( 524767 ) on Tuesday May 08, 2018 @12:23PM (#56574452)

    Good God, of all languages, why JavaScript? JavaScript is a terrible programming language! And its floating point math is bonkers, have you ever tried doing 0.1 * 0.2 in JavaScript, the answer is 0.020000000000000004! Can you imagine how main spreadsheet errors this will cause?

    And JavaScript doesn't even have type safety! If Microsoft were smart, they would use a compiled programming language, like C, that you'd have to compile using a command-line compiler with a GPG-Key that you could inspect to avoid government MITM attacks! Now the government can get your tax spreadsheet information!

    And, JavaScript is terrible because a lot of popular JavaScript frameworks have their own package managers! Can you imagine developers BLINDLY TRUSTING whatever package and whatever dependencies it has? Every developer should be forced to only use the OS package manager to install JavaScript libraries!

    And, JavaScript is terrible because hundreds of programmers release hundreds of new packages every day, and they grow old and stale and now the JavaScript package ecosystem is older and staler and more crowded than the iOS app store ecosystem!

    And, JavaScript is terrible because anyone can just pick it up and start playing with it, and they can write a web server in 15 minutes without even knowing about tail recursion or Monte Carlo cyclomatic complexity reduction! Script kiddies will start taking our jobs, and they don't even have to know how to covert an AST optimization into a stack heap implementation!

    I hope that Microsoft realizes the error of their ways, and instead implement something like LISP as the programming language.

    • by mark-t ( 151149 )
      To be fair, javascript is no more unsafe than lisp is. What makes javascript unsafe is any vulnerability in auxiliary frameworks that are exposed to script writiers, none of which are part of the actual core language or standard frameork library.
      • To be fair, javascript is no more unsafe than a cornered rat with rabies.

        FTFY

        • by mark-t ( 151149 )

          Javascript, by itself, is about on par with safety as any other scripting language such as scheme or Lua. Any lack of safety lies entirely in what underlying operating system frameworks are exposed to the api of the script language by the language embedder. By default, there is nothing that stands out to my knowledge in the javascript core library that would be considered unsafe.

          That said, I won't argue that there are a few characteristics of javascript that might make it undesirable as a programming

    • > ...0.1 * 0.2 in JavaScript, the answer is 0.020000000000000004!

      That's called floating point arithmetic. It has nothing to do with the language.

    • by jaa101 ( 627731 ) on Tuesday May 08, 2018 @05:25PM (#56576576)

      have you ever tried doing 0.1 * 0.2 in JavaScript, the answer is 0.020000000000000004! Can you imagine how main spreadsheet errors this will cause?

      You appear to be ignorant of the way floating point numbers work. This is not a feature of JavaScript, but of the CPU in your computer. Try entering "=0.1*0.2" in an Excel cell and then turn up the format to 20 digits of precision. I'm not saying that JavaScript is good, but using this as your first example of how bad it is doesn't help your credibility.

    • have you ever tried doing 0.1 * 0.2 in JavaScript, the answer is 0.020000000000000004

      You mean just like in Excel?

      JS is an excellent match for JS. Floating-point math? Check. Playing fast and loose with strings and numbers? Check. Massive additional attack surface on something that would often have been better served with simple static data? Check.

    • You've listed nothing relevant at all and also demonstrated that you don't know much about Excel.

      Excel uses floating point too, just like JavaScript. The same basic type of floating point too, IEEE 754
      https://support.microsoft.com/... [microsoft.com]

      Excel doesn't have type safety in its cells either. Or in its current VBA language.

      Microsoft isn't embedding a package manager in Excel

      Again, Microsoft isn't embedding a package manager in Excel.

      Excel used VBA because it's easy to pick up and use. You've listed a pro, not a con

    • ... doing 0.1 * 0.2 in JavaScript, the answer is 0.020000000000000004!

      That's what happens in floating point arithmetic regardless of the language. Try it in Python.

      Moron.

  • by ahziem ( 661857 ) on Tuesday May 08, 2018 @12:24PM (#56574466) Homepage
    For at least ten years, StarOffice, OpenOffice.org, LibreOffice, and derivatives supported JavaScript and Python in the Calc spreadsheet.
  • That's all fine. But all I really want is for it to be faster than molasses in January. It take forever to load, and forever to save. If I want bunch of fancy features, I would switch to a more powerful program.
  • "Microsoft Adds Support For JavaScript Functions in Excel"
  • Please shoot me (Score:4, Insightful)

    by Opportunist ( 166417 ) on Tuesday May 08, 2018 @12:34PM (#56574538)

    But could you please do it before the first batch of Excel-based javascript-empowered cryptominer and other malware arrives in our company?

    Who the FUCK thought it would be a great idea to marry the one file format every idiot opens when it arrives in his mailbox because that's what he does all day with the one scripting language that can the easiest be obfuscated to escape the current antivirus signatures?

    So far I was willing to say that MS simply can't fight malware, but this makes me wonder whether they get a cut of the profits.

  • by zarmanto ( 884704 ) on Tuesday May 08, 2018 @12:35PM (#56574550) Journal

    Microsoft has added various scripting languages to their Office products over the years... and each and every one has been abused by bad actors at some point, forcing Microsoft to cripple and/or remove the capability. What on earth could possibly make Microsoft think that adding JavaScript to Office documents will be any different? Particularly since it has already been abused in a myriad of ways within web browsers??

    As the old saying goes, "The definition of insanity is doing the same thing over and over again, and expecting different results."

    • As the old saying goes, "The definition of insanity is doing the same thing over and over again, and expecting different results."

      I'll just leave this here https://www.psychologytoday.co... [psychologytoday.com]

      • That article serves no purpose in this context, unless for some reason you're attempting to deflect from or minimize the detrimental impacts of Microsoft's poor decision making in this situation. Certainly you could be pedantic and argue that Microsoft isn't technically exhibiting insanity so much as they are exhibiting "perseveration" behaviors... but that distinction offers no particular benefit to the discussion, and only serves to confuse people.

        Sometimes "cute sayings" are quite adequately descriptive

    • As the old saying goes, "The definition of insanity is doing the same thing over and over again, and expecting different results."

      This is Microsoft WINDOWS we're talking about. Don't you re-install it every 6 months too, saying "This time is the very LAST time."

  • all at once.

  • Does this mean VBA gets yanked? Is the roadmap to replace macros with Java? GAWD!
    I am so tired of other java systems failing after an automated java update, now the CFO's spreadsheet fails... spectacular idea.
  • Cause they didn't have enough gaping wide vulnerabilities with VBA?

    Here's hoping they carried over all the lessons learned.

  • I'm in an organization that INSISTS on using Microsoft Excel as an administrative end for an entire ecommerce platform. They want to use it for all of their inventory management. The last major iteration, I finally said "FUCK THIS SHIT", and wrote a quick VBA script that simply copied the current sheet to a new document, saved as XLSX (for those unaware, this format is just a small collection of XML files ZIPed up, with a custom file extension), and then the VBA script uploads this new single-sheet document

  • This is clearly a Good Thing, and could never cause any kind of security concerns.

    After all, the one thing I always wanted in my company's proprietary and highly confidential corporate budgeting spreadsheets was the ability to stream random data from the Internet.

    Also, I have a bridge in Brooklyn to sell, the biggest and most amazing bridge ever. Call today!

  • Remove custom functions, scripting and macros from Excel.

    At the very least, it will stop people building business critical applications as a spread sheet.

    On second thought, bring on the JavaScript functions. I make a lot of money replacing spread sheet applications with real ones.

  • News Flash From The Future
    Financial melt-down due to developer pulling NPM packages for some arbitrary reason; economists inconsolable!
  • Well, count down to viruses.

  • So they went with this, at least Excel will be more in the news in the near future. They should also throw in jQuery and React, for good measure. If youâ(TM)re supporting JS go all the way!
  • While they're at it, will they at least update that broze-age era IDE that lurks inside MS Office like a horror in a dark cellar?

I am more bored than you could ever possibly be. Go back to work.

Working...