The second way is to place JavaScript code in an external file and import it into the document. The second method is preferred because, with large programs, it is hard to maintain everything in an HTML document. JavaScript files have the file extension ".js". An example is:
<script src="myprogram.js"></script>
Although all JavaScript code should be in a .js file, our programs are short, so we'll place code directly within a <script> tag. We'll use external .js files in the next course.
This element includes the global attributes.
async
For classic scripts, if the async attribute is present, then the classic script will be fetched in parallel to parsing and evaluated as soon as it is available.
For module scripts, if the async attribute is present, then the scripts and all their dependencies will be executed in the defer queue; therefore they will get fetched in parallel to parsing and evaluated as soon as they are available.
This attribute allows the elimination of parser-blocking JavaScript where the browser would have to load and evaluate scripts before continuing to parse. defer has a similar effect in this case.
This is a boolean attribute: the presence of a boolean attribute on an element represents the true value, and the absence of the attribute represents the false value.
See Browser compatibility for notes on browser support. See also Async scripts for asm.js.
crossorigin
script elements pass minimal information to the window.onerror for scripts which do not pass the standard CORS checks. To allow error logging for sites which use a separate domain for static media, use this attribute. See CORS settings attributes for a more descriptive explanation of its valid arguments.
defer
This Boolean attribute is set to indicate to a browser that the script is meant to be executed after the document has been parsed, but before firing DOMContentLoaded.
Scripts with the defer attribute will prevent the DOMContentLoaded event from firing until the script has loaded and finished evaluating.
This attribute must not be used if the src attribute is absent (i.e. for inline scripts); in this case it would have no effect.
The defer attribute has no effect on module scripts - they defer by default.
Scripts with the defer attribute will execute in the order in which they appear in the document.
This attribute allows the elimination of parser-blocking JavaScript where the browser would have to load and evaluate scripts before continuing to parse. async has a similar effect in this case.
integrity
nomodule
nonce
referrerpolicy
no-referrer: The Referer header will not be sent.
no-referrer-when-downgrade: The Referer header will not be sent to origins without TLS (HTTPS).
origin: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.
origin-when-cross-origin: The referrer sent to other origins will be limited to the scheme, the host, and the port. Navigations on the same origin will still include the path.
same-origin: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.
strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).
strict-origin-when-cross-origin (default): Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).
unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username). This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.
Note: An empty string value ("") is both the default value, and a fallback value if referrerpolicy is not supported. If referrerpolicy is not explicitly specified on the <script> element, it will adopt a higher-level referrer policy, i.e. one set on the whole document or domain. If a higher-level policy is not available, the empty string is treated as being equivalent to strict-origin-when-cross-origin.
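The referrerpolicy values above, worked through as an added example that is not part of the original page: refererFor computes what a script fetch would send as Referer, and policiesLeakingPath lists the policies that expose the page's path and query to another host. The function names are hypothetical, and "less secure destination" is simplified here to an HTTPS page requesting a non-HTTPS script.

```javascript
// Added example (not from the original page). Function names are hypothetical.
const POLICIES = [
  "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin",
  "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url",
];

// Returns the Referer value sent when a page fetches a script, or null if none is sent.
// Assumption: a "downgrade" is simplified to HTTPS page -> non-HTTPS script URL.
function refererFor(policy, pageUrl, scriptUrl) {
  const page = new URL(pageUrl);
  const dest = new URL(scriptUrl);
  // The fragment, username and password are stripped under every policy.
  page.hash = "";
  page.username = "";
  page.password = "";
  const full = page.href;
  const originOnly = page.origin + "/";
  const sameOrigin = page.origin === dest.origin;
  const downgrade = page.protocol === "https:" && dest.protocol !== "https:";

  // "" with no higher-level policy is treated as strict-origin-when-cross-origin.
  switch (policy === "" ? "strict-origin-when-cross-origin" : policy) {
    case "no-referrer": return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin": return originOnly;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    case "unsafe-url": return full;
    default: throw new Error("unknown referrerpolicy: " + policy);
  }
}

// Policies under which more than the page's origin reaches a different host.
function policiesLeakingPath(pageUrl, scriptUrl) {
  const page = new URL(pageUrl);
  if (page.origin === new URL(scriptUrl).origin) return [];
  return POLICIES.filter((p) => {
    const sent = refererFor(p, pageUrl, scriptUrl);
    return sent !== null && sent !== page.origin + "/";
  });
}
```

Run against a page URL that carries a token in its query string, only unsafe-url still sends that URL to a plain-HTTP script host.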
src
This attribute specifies the URI of an external script; this can be used as an alternative to embedding a script directly within a document.
type
This attribute indicates the type of script represented. The value of this attribute will be in one of the following categories:
src attribute) code. JavaScript MIME types are listed in the specification.
module: Causes the code to be treated as a JavaScript module. The processing of the script contents is not affected by the charset and defer attributes. For information on using module, see our JavaScript modules guide. Unlike classic scripts, module scripts require the use of the CORS protocol for cross-origin fetching.
src attribute will be ignored.
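A review check built from the attribute notes above (defer without src, defer on module scripts, unsafe-url, and cross-origin classic scripts without crossorigin), as an added example that is not part of the original page. The function names, rule labels and sample markup are constructed, and scanning tags with a regular expression is a simplification that a real audit would replace with an HTML parser.

```javascript
// Added example (not from the original page). Names and rule labels are hypothetical.
// Extracts the attributes of each <script> start tag into a Map (regex-based, simplified).
function parseScriptTags(html) {
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /([^\s=\/"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const tags = [];
  for (const tag of html.matchAll(tagRe)) {
    const attrs = new Map();
    for (const a of tag[1].matchAll(attrRe)) {
      // Boolean attributes such as defer have no value; presence alone means true.
      attrs.set(a[1].toLowerCase(), a[2] ?? a[3] ?? a[4] ?? "");
    }
    tags.push(attrs);
  }
  return tags;
}

// Returns one finding per rule violated, with the index of the offending tag.
function lintScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  parseScriptTags(html).forEach((attrs, index) => {
    const src = attrs.get("src");
    const isModule = (attrs.get("type") || "").toLowerCase() === "module";
    // defer has no effect on inline scripts.
    if (attrs.has("defer") && src === undefined) findings.push({ index, rule: "defer-inline" });
    // Module scripts defer by default, so the attribute is redundant.
    if (attrs.has("defer") && isModule) findings.push({ index, rule: "defer-module" });
    // unsafe-url sends origin and path even to insecure origins.
    if (attrs.get("referrerpolicy") === "unsafe-url") findings.push({ index, rule: "unsafe-url" });
    // Cross-origin classic scripts without crossorigin give window.onerror minimal detail.
    if (src !== undefined && !isModule && !attrs.has("crossorigin") &&
        new URL(src, pageUrl).origin !== pageOrigin) {
      findings.push({ index, rule: "no-crossorigin" });
    }
  });
  return findings;
}

// Constructed sample markup.
const SAMPLE_HTML = `
<script defer>init()</script>
<script type="module" defer src="/js/main.js"></script>
<script src="https://cdn.example/lib.js" referrerpolicy="unsafe-url"></script>
<script src="https://cdn.example/lib.js" crossorigin="anonymous" defer></script>
<script async src="/js/analytics.js"></script>`;
```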