2 * @fileoverview Rule to flag when using javascript: urls
5 /* jshint scripturl: true */
6 /* eslint no-script-url: 0 */
10 const astUtils = require("./utils/ast-utils");
12 //------------------------------------------------------------------------------
14 //------------------------------------------------------------------------------
21 description: "disallow `javascript:` urls",
22 category: "Best Practices",
24 url: "https://eslint.org/docs/rules/no-script-url"
30 unexpectedScriptURL: "Script URL is a form of eval."
37 * Check whether a node's static value starts with "javascript:" or not.
38 * And report an error for unexpected script URL.
39 * @param {ASTNode} node node to check
42 function check(node) {
43 const value = astUtils.getStaticStringValue(node);
45 if (typeof value === "string" && value.toLowerCase().indexOf("javascript:") === 0) {
46 context.report({ node, messageId: "unexpectedScriptURL" });
51 if (node.value && typeof node.value === "string") {
55 TemplateLiteral(node) {
56 if (!(node.parent && node.parent.type === "TaggedTemplateExpression")) {