以脚本定位的URL有什么问题? [英] What is the matter with script-targeted URLs?
问题描述
我正在使用JSHint,但出现以下错误:
I'm using JSHint, and it got the following error:
Script URL.
我注意到发生这种情况是因为在此特定行上有一个包含javascript:...
URL的字符串.
Which I noticed that happened because on this particular line there is a string containing a javascript:...
URL.
我知道JSHint抱怨说,因为设置了scripturl
选项,并且由于我的代码库很大,所以我现在必须将其取消设置.
I know that JSHint complained that because the scripturl
option is set, and since my codebase is quite large, I'll have to unset it for now.
仍然,我不了解使用脚本URL的问题是什么?
Still, I don't understood what is the issue of using script URLs?
推荐答案
javascript:
URL是评估就是邪恶"的一部分.
javascript:
URLs are part of 'eval is evil'.
为了执行javascript:
URL,浏览器必须启动JS解析器并解析URL的文本.
这是一个缓慢而昂贵的过程.
In order to execute the javascript:
URL, the browser must fire up a JS parser and parse the text of the URL.
This is a slow and costly process.
此外,组装javascript:
URL(或其他包含源代码的字符串)是一项棘手的任务,容易产生XSS漏洞.
Also, assembling javascript:
URLs (or other strings that contain source code) is a tricky task which is prone to XSS vulnerabilities.
最后,混合使用代码和URL违反了内容和行为(代码)的分隔.
Finally, mixing code and URLs violates the separation of content and behavior (code).
这篇关于以脚本定位的URL有什么问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!