Disallow creating dynamic script tags (`github/no-dynamic-script-tag`)

💼 This rule is enabled in the ✅ recommended config.

Rule Details

Creating dynamic script tags bypasses a lot of security measures - like SRIs - and pose a potential threat to your application. Instead of creating a script tag in the client, provide all necessary script tags in the page's HTML.

👎 Examples of incorrect code for this rule:

document.createElement('script')
document.getElementById('some-id').type = 'text/javascript'

👍 Examples of correct code for this rule:

<!-- index.html -->
<script src="/index.js" type="text/javascript">

Version

4.3.2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

no-dynamic-script-tag.md

no-dynamic-script-tag.md

Disallow creating dynamic script tags (`github/no-dynamic-script-tag`)

Rule Details

Version

Files

no-dynamic-script-tag.md

Latest commit

History

no-dynamic-script-tag.md

File metadata and controls

Disallow creating dynamic script tags (github/no-dynamic-script-tag)

Rule Details

Version

Disallow creating dynamic script tags (`github/no-dynamic-script-tag`)