Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

HTML static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your HTML code

<script>...</script> elements should not be nested

intentionality - logical

reliability

Bug

MajorSonarSource default severity
click to learn more

Why is this an issue?

When parsing a script node, the browser treats its contents as plain text, and immediately finishes parsing when it finds the first closing </script> character sequence.

As a consequence, nested script nodes are not possible, because all opening <script> tags found along the way are ignored.

Web browsers doesn’t support nested <script>...</script> elements. But there is no error in such case and browsers just close the first encountered <script> tag as soon as a closing </script> tag is found along the way. So there is a big chance to display something totally unexpected to the end-users.

Noncompliant code example

<script type="text/template">
  <div>
    Hello!
  </div>
  <script type="text/javascript">  <!-- Noncompliant -->
    alert("Hi!");
  </script>
</script>

Compliant solution

<script type="text/javascript">
  alert("Hi!");
</script>

<script type="text/template">
  <div>
    Hello!
  </div>
</script>

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

In-IDE

SaaS

Self-Hosted