Loading ...
Sorry, an error occurred while loading the content.

3184Re: JSLint and HTML

Expand Messages
  • hemanrobinson
    Mar 21, 2013
      For our project, embedding JavaScript in HTML is not bad practice. In fact, there is no alternative. We are required to produce a single output file.

      The reason is, our customers email these files, and post them to their corporate intranets. Our customers are not stupid, but neither do they want the hassle of managing multiple files, or arguing with their IT folks about how those files should be deployed.

      We have been delighted with JSLint for several years. Please give us an option to retain this feature. Thanks!


      --- In jslint_com@yahoogroups.com, "douglascrockford" <douglas@...> wrote:
      >
      > When I began JSLint in 2001, the usual practice in web applications was to include inline scripts and event handlers in HTML. So JSLint includes an HTML parser so that it can locate and inspect the embedded scripts.
      >
      > Since then, we have determined that embedding JavaScript in an HTML file is a very bad practice. It is bad from a performance standpoint because gzip and caching are not possible. It is bad from a security standpoint because of the XSS hazard. CSP cannot be effective unless you strictly follow the good practice of segregating scripts.
      >
      > Since the purpose of JSLint is to promote good practice, I will be removing JSLint's HTML parser.
      >
    • Show all 13 messages in this topic