Javascript不必放在<script> tag?
[英]Javascript doesn't have to be inside a <script> tag?
问题描述
The following code seems to execute Javascript when the page finishes loading. 
页面加载完成后,以下代码似乎可以执行Javascript。
<html>
<head>
<title>test page</title>
</head>
<body onload="alert('The page has finished loading');">
</div>
</body>
</html>
I thought that all Javascript code has to be encapsulated in between <script> and </script> . 我认为所有Javascript代码都必须封装在<script>和</script> 。 So why was that not the case here? 那么,为什么不是这种情况呢?
4 个解决方案
解决方案1
4 2012-01-07 23:53:02
This is an inline event handler , which contains Javascript code. 这是一个内联事件处理程序 ,其中包含Javascript代码。
They're generally frowned upon. 他们通常不满意。
Note that Javascript can also appear in javascript: URIs (such as bookmarklets). 请注意,Javascript也可以出现在javascript: URI(例如bookmarklet)中。
解决方案2
3 2012-01-07 23:57:18
JavaScript can be included in a page via: 可以通过以下方式将JavaScript包含在页面中:
- A script element referencing an external file 引用外部文件的脚本元素
- Inline in a script element 内联脚本元素
- An intrinsic event attribute (as in your example) 内部事件属性 (如您的示例)
- Anywhere that accepts a URI and doesn't block JS URIs for security reasons (once upon a time
<img src="javascript:someScriptHere()">worked,<a href="javascript:someScriptHere()">still does)出于安全原因,任何接受URI且不阻止JS URI的地方(曾经<img src="javascript:someScriptHere()">,但<a href="javascript:someScriptHere()">仍然可行) - Various proprietary extensions to CSS (such as
expression)CSS的各种专有扩展(例如expression)
Generally speaking, only the first of those techniques is a recommended method. 一般而言,仅推荐其中一种技术。 Avoid the others. 避免其他人。
解决方案3
1 2012-01-07 23:58:07
Not all JavaScript needs to be encapsulated so. 并非所有JavaScript都需要封装。 This is part of the reason simply stripping out tags to remove XSS is not enough. 这是仅剥离标签以删除XSS不足的部分原因。
解决方案4
1 2012-01-08 00:02:51
This called "inline JavaScript"! 这叫做“内联JavaScript”! Like inline CSS, inline JavaScript also is not a good practice. 像内联CSS一样,内联JavaScript也不是一个好习惯。
One of the reasons why we shouldn't use inline event handlers is that it requires us to mix JavaScript code in with our HTML/XHTML code.
我们不应该使用内联事件处理程序的原因之一是,它要求我们将JavaScript代码与HTML / XHTML代码混合在一起。 Other reasons are that it means cluttering up the HTML code with vast numbers of event handlers, whereas with scripting we can apply event handlers to any parts of the page, and even use a single event handler to handle events across multiple elements.
其他原因是,这意味着使用大量事件处理程序将HTML代码弄乱,而通过脚本编写,我们可以将事件处理程序应用于页面的任何部分,甚至可以使用单个事件处理程序来处理跨多个元素的事件。 HTML for the content, CSS for the presentation, and JavaScript for the behavior.
内容的HTML,演示文稿的CSS和行为的JavaScript。 By keeping a separation of behavior between these parts, we increase their ability to be maintained, and used across a wide range of situations. 通过将这些部分之间的行为分开,我们可以提高它们的维护能力,并可以在各种情况下使用。
This is not to say that inline event handlers are always a bad thing to do. 这并不是说内联事件处理程序始终是一件坏事。 Instead, realise that the use of them becomes a restriction on being able to more flexibly manage and maintain them. 取而代之的是,意识到使用它们成为了能够更灵活地管理和维护它们的限制。 Take a look at following articles for more information regarding this concerns: 请参阅以下文章,以获取有关此问题的更多信息:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.