What is the matter with script-targeted URLs?

javascript validation jshint

10,799

javascript: URLs are part of 'eval is evil'.

In order to execute the javascript: URL, the browser must fire up a JS parser and parse the text of the URL.
This is a slow and costly process.

Also, assembling javascript: URLs (or other strings that contain source code) is a tricky task which is prone to XSS vulnerabilities.

Finally, mixing code and URLs violates the separation of content and behavior (code).

10,799

Related videos on Youtube

Author by

Metalcoder

Just an Average Joe which aspires to code games someday!

Updated on June 04, 2022

Comments

Metalcoder almost 2 years
I'm using JSHint, and it got the following error:
```
Script URL.
```
Which I noticed that happened because on this particular line there is a string containing a javascript:... URL.

I know that JSHint complained that because the scripturl option is set, and since my codebase is quite large, I'll have to unset it for now.

Still, I don't understood what is the issue of using script URLs?
- SLaks over 11 years
  
  @epascarello: He's asking why.
- epascarello over 11 years
  
  Hence why I did not make it a answer! You guys are awesome!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

Regular expression for double number range validation

jQuery validation on rows with text input and select fields?

Function declarations should not be placed in blocks. Use a function expression or move the statement to the top of the outer function

Max Date using JQuery Validation

Angular 2 Custom Validator: check if the input value is an integer?

What *is* the ngModel.$validators pipeline?

using express-validator as Express middle ware not working

How to restrict the same character from being used consecutively?

"invalid label" Firebug error with jQuery getJSON

Validate custom directive using ngMessages