Definition
The <script> tag is used to embed a client-side script, such as JavaScript. It can either be embedded directly or through an external file using the src attribute.
Example
<script async src="https://cdn.ampproject.org/v0.js"></script>Usage
- Both the opening and closing tags are required.
- In simple terms, the
<script>element must contain or reference dynamic scripts, such as JavaScript. The HTML Living Standard Specification goes into a little more detail:- If no
srcattribute is defined, permissible content will depend on thetypeattribute. It must, however, match script content restrictions. - If there is a
srcattribute defined, the element can be empty or match script documentation that matches script content restrictions.
- If no
Attributes
The Script element supports the Global Attributes, as well as the following:
asyncThe
asyncattribute is a boolean that determines whether the script should be fetched in parallel to HTML parsing and evaluated as soon as possible. Thesrcattribute must be present, as this only applies to external scripts.crossoriginThe
crossoriginattribute is a CORS setting attribute and controls whether error information will be exposed for external scripts from other origins.deferThe
deferattribute is a boolean that determines whether the script should be fetched only after the HTML has been parsed. Thesrcattribute must be present, as this only applies to external scripts.integrityThe
integrityattribute contains metadata that a browser can use to verify that hackers have not compromised the external script.nomoduleThe
nomoduleattribute is a boolean that determines whether to execute the script in browsers that support ES2015 modules. This is used as a fallback to server alternative script should the browser not support modular JavaScript code.referrerpolicyThe
referrerpolicyattribute specifies the referrer information you wish to send with the<script>.Values can include:
no-referrerno-referrer-when-downgradeoriginorigin-when-cross-originsame-originno-referrer-when-downgradestrict-origin-when-cross-originunsafe-url
srcThe
srcattribute specifies the URL of an external script.typeThe
typeattribute specifies the media type of the script.Values can include:
- JavaScript MIME type (default), such as
text/javascriptorapplication/javascript. modulewhich indicates a JavaScript module.- Any other value is treated as a
data blockand is not processed.
- JavaScript MIME type (default), such as
Best Practices
- You may want to consider users who cannot run JavaScript in the browser, either because it is disabled or because of lack of support. There is a
<noscript>element that can display content in such circumstances. For example:<noscript>JavaScript is off. Please enable to view t full site.</noscript> - There are several ways to execute JavaScript on the page:
async,defer, and immediately (default). It is best to fetch your script usingasyncfor performance reasons, or if the script is not required until after the page has loaded,defer.
Specification
Browser Support
Desktop
| Chrome | Edge | Firefox | IE | Opera | Safari |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |
Mobile
| Android Webview | Chrome Android | Firefox Android | Opera Android | iOS Safari | Samsung Internet |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |