eslint/no-script-url Style

What it does

Disallow javascript: urls

Why is this bad?

Using javascript: URLs is considered by some as a form of eval. Code passed in javascript: URLs must be parsed and evaluated by the browser in the same way that eval is processed. This can lead to security and performance issues.

Examples

Examples of incorrect code for this rule

javascript

/*eslint no-script-url: "error"*/

location.href = "javascript:void(0)";

location.href = `javascript:void(0)`;

How to use

To enable this rule in the CLI or using the config file, you can use:

CLIConfig (.oxlintrc.json)

bash

oxlint --deny no-script-url

json

{
  "rules": {
    "no-script-url": "error"
  }
}

References

Rule Source

eslint/no-script-url Style ​

What it does ​

Why is this bad? ​

Examples ​

How to use ​

References ​