javascript: URLs

Warning: Using javascript: URLs on the web is discouraged as it may lead to execution of arbitrary code, similar to the ramifications of using eval(). It may also reduce accessibility because it deviates from normal link behavior.

JavaScript URLs, URLs prefixed with the javascript: scheme, are used as fake navigation targets that execute JavaScript when the browser attempts to navigate. If the URL evaluates to a string, it is treated as HTML and rendered by the browser.

Syntax

JavaScript URLs start with the javascript: scheme and are followed by JavaScript code. The code will be parsed as a script.

url

javascript:

In this example, the href attribute of an element is set to a javascript: URL that navigates to a new page with the content "Hello, world!":

html

Click me

Note that because javascript: URLs do not create history entries, there's no way to go back to the previous page without refreshing.

Using `javascript:` URLs as form actions

In this example, the action attribute of a

element is set to a javascript: URL that alerts a message when submitted:

html

Instead of doing this, consider listening for the form's submit event and handling it with JavaScript:

html

Using `javascript:` URLs as iframe sources

In this example, the src attribute of an </code> element is set to a <code>javascript:</code> URL that navigates to a new page with the content "Hello, world!":</p> <div class="code-example"><div class="example-header"><span class="language-name">html</span></div><pre class="brush: html example-bad notranslate"><code><iframe src="javascript:pageContent">

Instead of doing this, consider setting the srcdoc attribute instead:

html

Specification
HTML # the-javascript:-url-special-case

Specification

HTML
# the-javascript:-url-special-case

Click me\n\n\nNote that because javascript: URLs do not create history entries, there's no way to go back to the previous page without refreshing."}},{"type":"prose","value":{"id":"using_javascript_urls_as_form_actions","title":"Using javascript: URLs as form actions","isH3":true,"content":" In this example, the action attribute of a element is set to a javascript: URL that alerts a message when submitted:\nhtml\n \n \n\n\nInstead of doing this, consider listening for the form's submit event and handling it with JavaScript:\n html\n \n \n \n\n"}},{"type":"prose","value":{"id":"using_javascript_urls_as_iframe_sources","title":"Using javascript: URLs as iframe sources","isH3":true,"content":"In this example, the src attribute of an element is set to a <code>javascript: URL that navigates to a new page with the content \"Hello, world!\":\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">html<pre class=\"brush: html example-bad notranslate\"><code><iframe src=\"javascript:pageContent\">\n\n\n Instead of doing this, consider setting the srcdoc attribute instead:\n html\n\n"}},{"type":"prose","value":{"id":"using_javascript_urls_with_window.location","title":"Using javascript: URLs with window.location","isH3":true,"content":"In this example, the window.location property is set to a javascript: URL that navigates to a new page with the content \"Hello, world!\":\n jswindow.location = \"javascript:'Hello world!'\";\n\nInstead of doing this, consider using DOM APIs to modify the page content. For example:\n jsdocument.body.textContent = \"Hello, world!\";\n"}},{"type":"specifications","value":{"id":"specifications","title":"Specifications","isH3":false,"specifications":[{"bcdSpecificationURL":"https://html.spec.whatwg.org/multipage/browsing-the-web.html#the-javascript:-url-special-case","title":"HTML"}],"query":"undefined"}},{"type":"prose","value":{"id":"see_also","title":"See also","isH3":false,"content":"\nURIs\n Content Security Policy (CSP)\n IANA list of URI schemes\n"}}],"isActive":true,"isMarkdown":true,"isTranslated":false,"locale":"en-US","mdn_url":"/en-US/docs/Web/URI/Reference/Schemes/javascript","modified":"2025-04-10T14:56:07.000Z","native":"English (US)","noIndexing":false,"other_translations":[{"locale":"de","title":"javascript: URLs","native":"Deutsch"},{"locale":"ja","title":"javascript: URL","native":"日本語"}],"pageTitle":"javascript: URLs - URIs | MDN","parents":[{"uri":"/en-US/docs/Web","title":"References"},{"uri":"/en-US/docs/Web/URI","title":"URIs"},{"uri":"/en-US/docs/Web/URI/Reference","title":"Reference"},{"uri":"/en-US/docs/Web/URI/Reference/Schemes","title":"Scheme"},{"uri":"/en-US/docs/Web/URI/Reference/Schemes/javascript","title":"javascript:"}],"popularity":null,"short_title":"javascript:","sidebarHTML":"URIs GuidesUsing 'www' in URLs Reference Schemedata: javascript: resource: urn: Authority Path Query FragmentText fragments","sidebarMacro":"urlsidebar","source":{"folder":"en-us/web/uri/reference/schemes/javascript","github_url":"https://github.com/mdn/content/blob/main/files/en-us/web/uri/reference/schemes/javascript/index.md","last_commit_url":"https://github.com/mdn/content/commit/e9b6cd1b7fa8612257b72b2a85a96dd7d45c0200","filename":"index.md"},"summary":"JavaScript URLs, URLs prefixed with the javascript: scheme, are used as fake navigation targets that execute JavaScript when the browser attempts to navigate. If the URL evaluates to a string, it is treated as HTML and rendered by the browser.","title":"javascript: URLs","toc":[{"text":"Syntax","id":"syntax"},{"text":"Description","id":"description"},{"text":"Examples","id":"examples"},{"text":"Specifications","id":"specifications"},{"text":"See also","id":"see_also"}],"pageType":"unknown"}}