Avoid using JavaScript in URLs

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: javascript-best-practices/no-script-url

Language: JavaScript

Severity: Notice

Category: Best Practices

Description

JavaScript URLs are evaluated the same way eval is executed. This can lead to arbitrary code execution.

Non-Compliant Code Examples

var a = 'javascript:void(0);';
var a = 'javascript:';
var a = `javascript:`;
var a = `JavaScript:`;

Compliant Code Examples

var a = 'Hello World!';
var a = 10;
var url = 'xjavascript:'
var url = `xjavascript:`
var url = `${foo}javascript:`
var a = foo`javaScript:`;
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: antoine.dussault/service-representation-ga-docs-us1