Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Disallow usage of javascript: URLs (react/jsx-no-script-url)

In React 16.9 any URLs starting with javascript: scheme log a warning. React considers the pattern as a dangerous attack surface, see details. In a future major release, React will throw an error if it encounters a javascript: URL.

Rule Details

Examples of incorrect code for this rule:

<a href="javascript:"></a>
<a href="javascript:void(0)"></a>
<a href="j\n\n\na\rv\tascript:"></a>

Examples of correct code for this rule:

<Foo href="javascript:"></Foo>
<a href={"javascript:"}></a>

Rule Options

{
  "react/jsx-no-script-url": [
    "error",
    [
      {
        "name": "Link",
        "props": ["to"]
      },
      {
        "name": "Foo",
        "props": ["href", "to"]
      }
    ]
  ]
}

Allows you to indicate a specific list of properties used by a custom component to be checked.

name

Component name.

props

List of properties that should be validated.

Examples of incorrect code for this rule, when configured with the above options:

<Link to="javascript:void(0)"></Link>
<Foo href="javascript:void(0)"></Foo>
<Foo to="javascript:void(0)"></Foo>