HTML <script> (Scripting) Tag
Example
<script>
document.write("Hello World!");
</script>
Meaning
The <script> element contains statements in a scripting language for client-side processing.
Scripting statements can either be included inline or loaded from an external file.
Notes:
- If the src attribute is specified, the <script> element should not have a script embedded within its tags.
- When the Type attribute is unset on the script object, then text/javascript is used by default.
- The order of the script objects in a document can also be important, especially if scripting event handlers are assigned to one or more elements in the document.
- Using async="async" didn’t work in some older browser, instead async="true" was used.
- Use <noscript> element for users that have disabled scripts in their browser, or have a browser that doesn't support client-side scripting.
Version: HTML 4, 4.01, 5
Standard Syntax
<script>...</script>Browser Support
Status
Attributes
| Attribute | Value | Description |
|---|---|---|
| async | async | Specifies that the script should be executed asynchronously, as soon as it becomes available. |
| crossorigin | anonymous use-credentials |
Whether or not script error information will be revealed from the script(This is used only when scripts are being loaded from different origins). |
| defer | defer | Specifies that script should be executed after the document has been parsed. |
| integrity | filehash | Allows a browser to check the fetched script to ensure that the code is never loaded if the source has been manipulated |
| nomodule | nomodule | Specifies that the script should not be executed in browsers supporting ES2015 modules. |
| nonce | randomToken | A cryptographic nonce (number used once) to allow scripts in a script-src Content-Security-Policy. The server must generate a unique nonce value each time it transmits a policy. It is critical to provide a nonce that cannot be guessed as bypassing a resource's policy is otherwise trivial. |
| referrerpolicy | no-referrer no-referrer-when-downgrade origin origin-when-cross-origin same-origin strict-origin strict-origin-when-cross-origin unsafe-url |
Specifies which referrer information to send when fetching a script |
| src | URL | The URL to an external file that contains the source code or data. |
| type | scriptType | The MIME type for the script. Required in HTML 4, defaults to text/javascript in HTML 5. For JavaScript, this should always be set to application/javascript since RFC4329. |
Deprecated Attributes
| Attribute | Value | Description |
|---|---|---|
| charset | charset | Sets or retrieves the script’s character encoding. You can’t use the type attribute with this attribute. |
| language | languageCode | The programming language for the associated scripting engine. Depracated, use type instead. |
| xml:space | preserve | Specifies whether whitespace should be preserved within the script element. |
Global Attributes
The <script> element also supports the Global Attributes in HTML.
Event Attributes
The <script> element also supports the Event Attributes in HTML.
By Default CSS Value(s)
Most of the browsers will display the <script> element with the following by default value(s)
script {
display: none;
}