]>
Commit | Line | Data |
---|---|---|
8f9d1d4d DC |
1 | --- |
2 | title: no-script-url | |
8f9d1d4d DC |
3 | rule_type: suggestion |
4 | further_reading: | |
5 | - https://stackoverflow.com/questions/13497971/what-is-the-matter-with-script-targeted-urls | |
6 | --- | |
7 | ||
eb39fafa DC |
8 | |
9 | Using `javascript:` URLs is considered by some as a form of `eval`. Code passed in `javascript:` URLs has to be parsed and evaluated by the browser in the same way that `eval` is processed. | |
10 | ||
11 | ## Rule Details | |
12 | ||
13 | Examples of **incorrect** code for this rule: | |
14 | ||
8f9d1d4d DC |
15 | ::: incorrect |
16 | ||
eb39fafa DC |
17 | ```js |
18 | /*eslint no-script-url: "error"*/ | |
19 | ||
20 | location.href = "javascript:void(0)"; | |
6f036462 TL |
21 | |
22 | location.href = `javascript:void(0)`; | |
eb39fafa DC |
23 | ``` |
24 | ||
8f9d1d4d DC |
25 | ::: |
26 | ||
eb39fafa DC |
27 | ## Compatibility |
28 | ||
29 | * **JSHint**: This rule corresponds to `scripturl` rule of JSHint. |