From a59c2f2da0a166e6b0307cf8b6261c2d4c3085a0 Mon Sep 17 00:00:00 2001
From: Christian Oliff <christian_oliff@trimble.com>
Date: Fri, 21 Nov 2025 00:26:01 +0900
Subject: [PATCH] Add 'allow-non-blocking' option to head-script-disabled rule

Enhances the 'head-script-disabled' rule to support an 'allow-non-blocking' option, permitting non-blocking scripts (modules, deferred, and async) in the <head> tag. Updates rule logic, types, documentation, and adds comprehensive tests for the new option.
---
 dist/core/rules/head-script-disabled.js       |  24 +++-
 src/core/rules/head-script-disabled.ts        |  53 ++++++--
 src/core/types.ts                             |   2 +-
 test/rules/head-script-disabled.spec.js       | 115 ++++++++++++++++++
 .../docs/rules/head-script-disabled.mdx       |  79 +++++++++++-
 5 files changed, 251 insertions(+), 22 deletions(-)

diff --git a/dist/core/rules/head-script-disabled.js b/dist/core/rules/head-script-disabled.js
index d9ab5b3e2..729c46c56 100644
--- a/dist/core/rules/head-script-disabled.js
+++ b/dist/core/rules/head-script-disabled.js
@@ -3,20 +3,32 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = {
     id: 'head-script-disabled',
     description: 'The <script> tag cannot be used in a <head> tag.',
-    init(parser, reporter) {
+    init(parser, reporter, options) {
         const reScript = /^(text\/javascript|application\/javascript)$/i;
         let isInHead = false;
         const onTagStart = (event) => {
             const mapAttrs = parser.getMapAttrs(event.attrs);
             const type = mapAttrs.type;
+            const defer = mapAttrs.defer;
             const tagName = event.tagName.toLowerCase();
             if (tagName === 'head') {
                 isInHead = true;
             }
-            if (isInHead === true &&
-                tagName === 'script' &&
-                (!type || reScript.test(type) === true)) {
-                reporter.warn('The <script> tag cannot be used in a <head> tag.', event.line, event.col, this, event.raw);
+            if (isInHead === true && tagName === 'script') {
+                const isModule = type === 'module';
+                const isDeferred = defer !== undefined;
+                const isAsync = mapAttrs.async !== undefined;
+                const isExecutableScript = !type || reScript.test(type) === true || isModule;
+                if (isExecutableScript) {
+                    if (options === 'allow-non-blocking') {
+                        if (!isModule && !isDeferred && !isAsync) {
+                            reporter.warn('The <script> tag cannot be used in a <head> tag unless it has type="module", defer, or async attribute.', event.line, event.col, this, event.raw);
+                        }
+                    }
+                    else {
+                        reporter.warn('The <script> tag cannot be used in a <head> tag.', event.line, event.col, this, event.raw);
+                    }
+                }
             }
         };
         const onTagEnd = (event) => {
@@ -29,4 +41,4 @@ exports.default = {
         parser.addListener('tagend', onTagEnd);
     },
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVhZC1zY3JpcHQtZGlzYWJsZWQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY29yZS9ydWxlcy9oZWFkLXNjcmlwdC1kaXNhYmxlZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUdBLGtCQUFlO0lBQ2IsRUFBRSxFQUFFLHNCQUFzQjtJQUMxQixXQUFXLEVBQUUsa0RBQWtEO0lBQy9ELElBQUksQ0FBQyxNQUFNLEVBQUUsUUFBUTtRQUNuQixNQUFNLFFBQVEsR0FBRywrQ0FBK0MsQ0FBQTtRQUNoRSxJQUFJLFFBQVEsR0FBRyxLQUFLLENBQUE7UUFFcEIsTUFBTSxVQUFVLEdBQWEsQ0FBQyxLQUFLLEVBQUUsRUFBRTtZQUNyQyxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQTtZQUNoRCxNQUFNLElBQUksR0FBRyxRQUFRLENBQUMsSUFBSSxDQUFBO1lBQzFCLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUE7WUFFM0MsSUFBSSxPQUFPLEtBQUssTUFBTSxFQUFFLENBQUM7Z0JBQ3ZCLFFBQVEsR0FBRyxJQUFJLENBQUE7WUFDakIsQ0FBQztZQUVELElBQ0UsUUFBUSxLQUFLLElBQUk7Z0JBQ2pCLE9BQU8sS0FBSyxRQUFRO2dCQUNwQixDQUFDLENBQUMsSUFBSSxJQUFJLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssSUFBSSxDQUFDLEVBQ3ZDLENBQUM7Z0JBQ0QsUUFBUSxDQUFDLElBQUksQ0FDWCxrREFBa0QsRUFDbEQsS0FBSyxDQUFDLElBQUksRUFDVixLQUFLLENBQUMsR0FBRyxFQUNULElBQUksRUFDSixLQUFLLENBQUMsR0FBRyxDQUNWLENBQUE7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFBO1FBRUQsTUFBTSxRQUFRLEdBQWEsQ0FBQyxLQUFLLEVBQUUsRUFBRTtZQUNuQyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLEtBQUssTUFBTSxFQUFFLENBQUM7Z0JBQzNDLE1BQU0sQ0FBQyxjQUFjLENBQUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFBO2dCQUM3QyxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQTtZQUMzQyxDQUFDO1FBQ0gsQ0FBQyxDQUFBO1FBRUQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsVUFBVSxDQUFDLENBQUE7UUFDMUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUE7SUFDeEMsQ0FBQztDQUNNLENBQUEifQ==
\ No newline at end of file
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVhZC1zY3JpcHQtZGlzYWJsZWQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY29yZS9ydWxlcy9oZWFkLXNjcmlwdC1kaXNhYmxlZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUdBLGtCQUFlO0lBQ2IsRUFBRSxFQUFFLHNCQUFzQjtJQUMxQixXQUFXLEVBQUUsa0RBQWtEO0lBQy9ELElBQUksQ0FBQyxNQUFNLEVBQUUsUUFBUSxFQUFFLE9BQU87UUFDNUIsTUFBTSxRQUFRLEdBQUcsK0NBQStDLENBQUE7UUFDaEUsSUFBSSxRQUFRLEdBQUcsS0FBSyxDQUFBO1FBRXBCLE1BQU0sVUFBVSxHQUFhLENBQUMsS0FBSyxFQUFFLEVBQUU7WUFDckMsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUE7WUFDaEQsTUFBTSxJQUFJLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQTtZQUMxQixNQUFNLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFBO1lBQzVCLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUE7WUFFM0MsSUFBSSxPQUFPLEtBQUssTUFBTSxFQUFFLENBQUM7Z0JBQ3ZCLFFBQVEsR0FBRyxJQUFJLENBQUE7WUFDakIsQ0FBQztZQUVELElBQUksUUFBUSxLQUFLLElBQUksSUFBSSxPQUFPLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBRTlDLE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxRQUFRLENBQUE7Z0JBR2xDLE1BQU0sVUFBVSxHQUFHLEtBQUssS0FBSyxTQUFTLENBQUE7Z0JBR3RDLE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxLQUFLLEtBQUssU0FBUyxDQUFBO2dCQUc1QyxNQUFNLGtCQUFrQixHQUN0QixDQUFDLElBQUksSUFBSSxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLElBQUksSUFBSSxRQUFRLENBQUE7Z0JBRW5ELElBQUksa0JBQWtCLEVBQUUsQ0FBQztvQkFFdkIsSUFBSSxPQUFPLEtBQUssb0JBQW9CLEVBQUUsQ0FBQzt3QkFFckMsSUFBSSxDQUFDLFFBQVEsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDOzRCQUN6QyxRQUFRLENBQUMsSUFBSSxDQUNYLHlHQUF5RyxFQUN6RyxLQUFLLENBQUMsSUFBSSxFQUNWLEtBQUssQ0FBQyxHQUFHLEVBQ1QsSUFBSSxFQUNKLEtBQUssQ0FBQyxHQUFHLENBQ1YsQ0FBQTt3QkFDSCxDQUFDO29CQUNILENBQUM7eUJBQU0sQ0FBQzt3QkFFTixRQUFRLENBQUMsSUFBSSxDQUNYLGtEQUFrRCxFQUNsRCxLQUFLLENBQUMsSUFBSSxFQUNWLEtBQUssQ0FBQyxHQUFHLEVBQ1QsSUFBSSxFQUNKLEtBQUssQ0FBQyxHQUFHLENBQ1YsQ0FBQTtvQkFDSCxDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQyxDQUFBO1FBRUQsTUFBTSxRQUFRLEdBQWEsQ0FBQyxLQUFLLEVBQUUsRUFBRTtZQUNuQyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLEtBQUssTUFBTSxFQUFFLENBQUM7Z0JBQzNDLE1BQU0sQ0FBQyxjQUFjLENBQUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFBO2dCQUM3QyxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQTtZQUMzQyxDQUFDO1FBQ0gsQ0FBQyxDQUFBO1FBRUQsTUFBTSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsVUFBVSxDQUFDLENBQUE7UUFDMUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUE7SUFDeEMsQ0FBQztDQUNNLENBQUEifQ==
\ No newline at end of file
diff --git a/src/core/rules/head-script-disabled.ts b/src/core/rules/head-script-disabled.ts
index 5b3ab6be7..4c8d72d12 100644
--- a/src/core/rules/head-script-disabled.ts
+++ b/src/core/rules/head-script-disabled.ts
@@ -4,31 +4,58 @@ import { Rule } from '../types'
 export default {
   id: 'head-script-disabled',
   description: 'The <script> tag cannot be used in a <head> tag.',
-  init(parser, reporter) {
+  init(parser, reporter, options) {
     const reScript = /^(text\/javascript|application\/javascript)$/i
     let isInHead = false
 
     const onTagStart: Listener = (event) => {
       const mapAttrs = parser.getMapAttrs(event.attrs)
       const type = mapAttrs.type
+      const defer = mapAttrs.defer
       const tagName = event.tagName.toLowerCase()
 
       if (tagName === 'head') {
         isInHead = true
       }
 
-      if (
-        isInHead === true &&
-        tagName === 'script' &&
-        (!type || reScript.test(type) === true)
-      ) {
-        reporter.warn(
-          'The <script> tag cannot be used in a <head> tag.',
-          event.line,
-          event.col,
-          this,
-          event.raw
-        )
+      if (isInHead === true && tagName === 'script') {
+        // Check if this is a module script
+        const isModule = type === 'module'
+
+        // Check if this is a deferred script
+        const isDeferred = defer !== undefined
+
+        // Check if this is an async script
+        const isAsync = mapAttrs.async !== undefined
+
+        // Check if script type is executable JavaScript (or no type specified)
+        const isExecutableScript =
+          !type || reScript.test(type) === true || isModule
+
+        if (isExecutableScript) {
+          // If allow-non-blocking option is enabled, check for non-blocking attributes
+          if (options === 'allow-non-blocking') {
+            // Allow modules, deferred scripts, and async scripts
+            if (!isModule && !isDeferred && !isAsync) {
+              reporter.warn(
+                'The <script> tag cannot be used in a <head> tag unless it has type="module", defer, or async attribute.',
+                event.line,
+                event.col,
+                this,
+                event.raw
+              )
+            }
+          } else {
+            // Default behavior: disallow all executable scripts in head
+            reporter.warn(
+              'The <script> tag cannot be used in a <head> tag.',
+              event.line,
+              event.col,
+              this,
+              event.raw
+            )
+          }
+        }
       }
     }
 
diff --git a/src/core/types.ts b/src/core/types.ts
index b9a1b14dc..f93bdc6e2 100644
--- a/src/core/types.ts
+++ b/src/core/types.ts
@@ -23,7 +23,7 @@ export interface Ruleset {
   'doctype-html5'?: boolean
   'empty-tag-not-self-closed'?: boolean
   'form-method-require'?: boolean
-  'head-script-disabled'?: boolean
+  'head-script-disabled'?: boolean | 'allow-non-blocking'
   'href-abs-or-rel'?: 'abs' | 'rel'
   'id-class-ad-disabled'?: boolean
   'id-class-value'?:
diff --git a/test/rules/head-script-disabled.spec.js b/test/rules/head-script-disabled.spec.js
index d481a8b89..d095e8a13 100644
--- a/test/rules/head-script-disabled.spec.js
+++ b/test/rules/head-script-disabled.spec.js
@@ -54,4 +54,119 @@ describe(`Rules: ${ruleId}`, () => {
     const messages = HTMLHint.verify(code, ruleOptions)
     expect(messages.length).toBe(0)
   })
+
+  describe('allow-non-blocking option', () => {
+    const allowNonBlockingOptions = {}
+    allowNonBlockingOptions[ruleId] = 'allow-non-blocking'
+
+    it('Module script in head should not result in an error', () => {
+      const code = '<head><script type="module" src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Deferred script in head should not result in an error', () => {
+      const code = '<head><script defer src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Deferred script with type in head should not result in an error', () => {
+      const code =
+        '<head><script type="text/javascript" defer src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Async script in head should not result in an error', () => {
+      const code = '<head><script async src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Async script with type in head should not result in an error', () => {
+      const code =
+        '<head><script type="text/javascript" async src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Script with both async and defer should not result in an error', () => {
+      const code = '<head><script async defer src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Module script with inline content should not result in an error', () => {
+      const code =
+        '<head><script type="module">import { test } from "./test.js";</script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Regular script in head should still result in an error', () => {
+      const code = '<head><script src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(1)
+      expect(messages[0].rule.id).toBe(ruleId)
+      expect(messages[0].message).toBe(
+        'The <script> tag cannot be used in a <head> tag unless it has type="module", defer, or async attribute.'
+      )
+    })
+
+    it('Regular script with type in head should still result in an error', () => {
+      const code =
+        '<head><script type="text/javascript" src="test.js"></script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(1)
+      expect(messages[0].rule.id).toBe(ruleId)
+      expect(messages[0].message).toBe(
+        'The <script> tag cannot be used in a <head> tag unless it has type="module", defer, or async attribute.'
+      )
+    })
+
+    it('Inline script without defer, async, or module should result in an error', () => {
+      const code = '<head><script>console.log("test");</script></head>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(1)
+      expect(messages[0].rule.id).toBe(ruleId)
+      expect(messages[0].message).toBe(
+        'The <script> tag cannot be used in a <head> tag unless it has type="module", defer, or async attribute.'
+      )
+    })
+
+    it('Template scripts should still not result in an error', () => {
+      let code =
+        '<head><script type="text/template"><img src="test.png" /></script></head>'
+      let messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+
+      code =
+        '<head><script type="text/ng-template"><img src="test.png" /></script></head>'
+      messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Scripts in body should still not result in an error', () => {
+      const code = '<head></head><body><script src="test.js"></script></body>'
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(0)
+    })
+
+    it('Multiple scripts with mixed types should handle correctly', () => {
+      const code = `
+        <head>
+          <script type="module" src="module.js"></script>
+          <script defer src="deferred.js"></script>
+          <script async src="async.js"></script>
+          <script src="blocking.js"></script>
+        </head>
+      `
+      const messages = HTMLHint.verify(code, allowNonBlockingOptions)
+      expect(messages.length).toBe(1)
+      expect(messages[0].message).toBe(
+        'The <script> tag cannot be used in a <head> tag unless it has type="module", defer, or async attribute.'
+      )
+    })
+  })
 })
diff --git a/website/src/content/docs/rules/head-script-disabled.mdx b/website/src/content/docs/rules/head-script-disabled.mdx
index 21fcbce16..ea8d0ba9e 100644
--- a/website/src/content/docs/rules/head-script-disabled.mdx
+++ b/website/src/content/docs/rules/head-script-disabled.mdx
@@ -12,21 +12,96 @@ Level: <Badge text="Warning" variant="caution" />
 
 ## Config value
 
-- `true`: enable rule
+- `true`: enable rule (disallow all scripts in head)
 - `false`: disable rule
+- `"allow-non-blocking"`: allow non-blocking scripts (modules, deferred, and async scripts) in head
 
 ### The following patterns are **not** considered rule violations
 
+#### Default behavior (`true`)
+
 ```html
 <body>
   <script src="test.js"></script>
 </body>
 ```
 
-### The following pattern is considered a rule violation:
+```html
+<head>
+  <script type="text/template">
+    <div>Template content</div>
+  </script>
+</head>
+```
+
+#### With `"allow-non-blocking"` option
+
+```html
+<head>
+  <script type="module" src="module.js"></script>
+</head>
+```
+
+```html
+<head>
+  <script defer src="deferred.js"></script>
+</head>
+```
+
+```html
+<head>
+  <script async src="analytics.js"></script>
+</head>
+```
+
+```html
+<head>
+  <script type="module">
+    import { init } from './app.js';
+    init();
+  </script>
+</head>
+```
+
+### The following patterns are considered rule violations
+
+#### Default behavior (`true`)
+
+```html
+<head>
+  <script src="test.js"></script>
+</head>
+```
+
+```html
+<head>
+  <script type="module" src="module.js"></script>
+</head>
+```
+
+#### With `"allow-non-blocking"` option
 
 ```html
 <head>
   <script src="test.js"></script>
 </head>
 ```
+
+```html
+<head>
+  <script type="text/javascript">
+    console.log('blocking script');
+  </script>
+</head>
+```
+
+## Why this rule is important
+
+Scripts in the `<head>` section traditionally block HTML parsing and rendering, which can negatively impact page load performance. However, modern JavaScript features like ES6 modules (`type="module"`), the `defer` attribute, and the `async` attribute allow scripts to be non-blocking, making them safe to place in the head without performance penalties.
+
+For more information, see:
+
+- [MDN: Script element](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script)
+- [MDN: defer attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#defer)
+- [MDN: async attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#async)
+- [MDN: JavaScript modules](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules)