Disallow Script URLs (no-script-url)

Using javascript: urls is considered by some as a form of eval. Script passed after javascript: has to be parsed and evaluated by the browser the same way that it does eval.

Rule Details

The following patterns are considered warnings:

location.href = "javascript:void(0)";

Compatibility

• JSHint: This rule corresponds to scripturl rule of JSHint.

Further Reading

• What is the matter with script-targeted URLs?

Version

This rule was introduced in ESLint 0.0.9.

Resources

• Rule source
• Documentation source