반응형
 javascript: URIs

This technique relates to the following sections of the guidelines:

Task:

Avoid javascript: URIs. Attach events using DOM event attributes.

The javascript: URI space should not be used. All ECMAScript should be designed to degrade gracefully when script is not supported, and javascript: URIs necessarily break that graceful degradation.

Editorial Note: This is being discussed in the WG presently. One issue is whether, if JavaScript is assumed to exist in the client, it is necessary to restrict javascript: URIs. On the other hand, the javascript: namespace has referentiality problems, and in many cases, users can enjoy backward-compatibility without any undue burden on the author. (See bug 1073 for more detail.)

Deprecated Example:

Code such as the example below locks many users out of important portions of the site:

 
<a href="javascript:window.open('register.php')">click here</a> to register.

Example:

It is better in general to use the DOM events (onactivate, onclick, onkeypress, etc.) to call script functions, but leave a real http: URI in the link for non-script-capable browsers. In rare cases, it may be necessary to create a second page that duplicates the functionality of the page called by the script, but most of the time it is sufficient to point users to the same target page that is called by the script.

 
<a href="register.php" target="registerwindow"
 onclick="window.open('',this.target);">register here</a>
 
Posted by 1010