admin管理员组文章数量:1188429
I'm using JSHint, and it got the following error:
Script URL.
Which I noticed that happened because on this particular line there is a string containing a javascript:... URL.
I know that JSHint complained that because the scripturl option is set, and since my codebase is quite large, I'll have to unset it for now.
Still, I don't understood what is the issue of using script URLs?
I'm using JSHint, and it got the following error:
Script URL.
Which I noticed that happened because on this particular line there is a string containing a javascript:... URL.
I know that JSHint complained that because the scripturl option is set, and since my codebase is quite large, I'll have to unset it for now.
Still, I don't understood what is the issue of using script URLs?
Share Improve this question edited Nov 21, 2012 at 16:48 Paul D. Waite 98.8k57 gold badges202 silver badges271 bronze badges asked Nov 21, 2012 at 16:44 MetalcoderMetalcoder 2,2624 gold badges25 silver badges30 bronze badges 2- 7 @epascarello: He's asking why. – SLaks Commented Nov 21, 2012 at 16:47
- 3 Hence why I did not make it a answer! You guys are awesome! – epascarello Commented Nov 21, 2012 at 16:48
1 Answer
Reset to default 29javascript: URLs are part of 'eval is evil'.
In order to execute the javascript: URL, the browser must fire up a JS parser and parse the text of the URL.
This is a slow and costly process.
Also, assembling javascript: URLs (or other strings that contain source code) is a tricky task which is prone to XSS vulnerabilities.
Finally, mixing code and URLs violates the separation of content and behavior (code).
本文标签: javascriptWhat is the matter with scripttargeted URLsStack Overflow
版权声明:本文标题:javascript - What is the matter with script-targeted URLs? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1738371721a2082613.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论