[pve-eslint.git] / eslint / docs / rules / no-script-url.md

# Disallow Script URLs (no-script-url)

Using `javascript:` URLs is considered by some as a form of `eval`. Code passed in `javascript:` URLs has to be parsed and evaluated by the browser in the same way that `eval` is processed.

## Rule Details

Examples of **incorrect** code for this rule:

```js
/*eslint no-script-url: "error"*/

location.href = "javascript:void(0)";

location.href = `javascript:void(0)`;
```

## Compatibility

* **JSHint**: This rule corresponds to `scripturl` rule of JSHint.

## Further Reading

* [What is the matter with script-targeted URLs?](https://stackoverflow.com/questions/13497971/what-is-the-matter-with-script-targeted-urls)
Commit	Line	Data
eb39fafa DC	1	# Disallow Script URLs (no-script-url)
	2
	3	Using `javascript:` URLs is considered by some as a form of `eval`. Code passed in `javascript:` URLs has to be parsed and evaluated by the browser in the same way that `eval` is processed.
	4
	5	## Rule Details
	6
	7	Examples of incorrect code for this rule:
	8
	9	```js
	10	/eslint no-script-url: "error"/
	11
	12	location.href = "javascript:void(0)";
6f036462 TL	13
6f036462 TL	14	location.href = `javascript:void(0)`;
eb39fafa DC	15	```
	16
	17	## Compatibility
	18
	19	* JSHint: This rule corresponds to `scripturl` rule of JSHint.
	20
	21	## Further Reading
	22
	23	* [What is the matter with script-targeted URLs?](https://stackoverflow.com/questions/13497971/what-is-the-matter-with-script-targeted-urls)