HTML Guide

An <iframe> element allows to embed an HTML document inside another HTML document, and its src attribute is indicated the source URL of the embedded web page. The src attribute is a required attribute, so it cannot be blank.

Example:

<iframe src="https://example.com/map.html"></iframe>

Ensure the src attribute on the script element is non-empty and points to a valid resource.

The src attribute in a script element specifies the URL of an external script file. An empty src attribute is invalid because it tells the browser to fetch a resource from a URL that is not provided, leading to loading errors. Instead, ensure that the src attribute contains a valid file path or URL to an existing script file. If the script content is meant to be inline, you should omit the src attribute altogether and include the script content directly within the script element.

Example of a Valid External Script

Here is a valid example of a script element with a non-empty src attribute:

<!DOCTYPE html>
<html lang="en">
<head>
  <title>Valid Script Example</title>
</head>
<body>
  <script src="path/to/script.js"></script>
</body>
</html>

Example of a Valid Inline Script

If the script is to be written inline, exclude the src attribute and write the JavaScript code directly within the script tags:

<!DOCTYPE html>
<html lang="en">
<head>
  <title>Inline Script Example</title>
</head>
<body>
  <script>
    console.log('This is an inline script.');
  </script>
</body>
</html>

Troubleshooting

Double-check the script’s file path:

• Ensure the file path you provide in the src is correct relative to the HTML file.
• Make sure the script file exists in the location specified.
• If using a network URL, verify that the URL is correct and accessible.

The <script> tag allows authors to include dynamic scripts and data blocks in their documents. When the src is present, this tag accepts a type attribute which must be either:

• an empty string
• text/javascript (that’s the default, so it can be omitted)
• module

Examples:

<!-- This is valid, without a type it defaults to JavaScript -->

<script src="app.js"></script>

<!-- This is valid, but will warn that it can be omitted -->

<script type="text/javascript" src="app.js"></script>

<!-- An empty attribute is valid, but will warn that it can be omitted -->

<script type="" src="app.js"></script>

<!-- The module keyword is also valid as a type -->

<script type="module" src="app.js"></script>

<!-- Any other type is invalid -->

<script type="wrong" src="app.js"></script>
<script type="text/html" src="app.js"></script>
<script type="image/jpeg" src="app.js"></script>

The href attribute on the link element must not be empty.

Illegal character “[” in the iframe src URL requires percent-encoding or removal.

The iframe element’s src must be a valid URL. According to URL syntax, characters like [ and ] are not allowed in the query unless percent-encoded. If your src contains array-like parameters (e.g., filters[category]=news), encode reserved characters: [ becomes %5B and ] becomes %5D. Avoid spaces and encode other reserved characters as needed. Alternatively, adjust the server to accept dot or bracketless notation (e.g., filters.category=news or filters_category=news) so the URL stays valid without encoding.

HTML Examples

Example causing the validator error

<!DOCTYPE html>
<html lang="en">
<head>
  <title>Iframe URL Error</title>
</head>
<body>
<!-- [ and ] are illegal in URLs unless encoded -->

  <iframe src="https://example.com/embed?filters[category]=news&filters[tags]=web"></iframe>
</body>
</html>

Fixed example with percent-encoding

<!DOCTYPE html>
<html lang="en">
<head>
  <title>Iframe URL Fixed</title>
</head>
<body>
<!-- Encode [ as %5B and ] as %5D -->

  <iframe src="https://example.com/embed?filters%5Bcategory%5D=news&filters%5Btags%5D=web"></iframe>
</body>
</html>

A fragment identifier (the part after #) is not allowed in a data: URL used in an img src.

The img element accepts any valid URL in the src attribute, including data URLs per RFC 2397. However, RFC 2397 forbids fragment identifiers in data: URIs.

If you need to reference an internal fragment (e.g., an SVG symbol or id), use one of these approaches:

• Inline the SVG in the DOM and reference its ids normally.
• Put the SVG in a separate file and use a standard URL with a fragment (example.svg#icon).
• Remove the fragment from the data: URL and ensure the content renders without fragment navigation.

Square brackets in an img src query string must be percent-encoded to be valid.

The src attribute on img must be a valid URL. In URL query strings, characters like [ and ] are not allowed unescaped per URL syntax. When present (often from frameworks adding array-like params), they must be percent-encoded as [ -> %5B and ] -> %5D. Alternatively, remove brackets from the query or use a server-side/route format that avoids them.

HTML examples

Example causing the validator error

<img src="/images/photo.jpg?size[width]=300&size[height]=200" alt="Sample">

Fixed example using percent-encoding

<img src="/images/photo.jpg?size%5Bwidth%5D=300&size%5Bheight%5D=200" alt="Sample">

Fixed example by avoiding brackets in params

<img src="/images/photo.jpg?size_width=300&size_height=200" alt="Sample">

The src attribute on an <img> element contains an invalid character, that should be properly encoded as a URI percent-encoded character.

The src attribute for <img> tags is required, to define the source of the image, like in this example:

<img src="photo.jpg" alt="wombat" />

The URL in the src attribute value for an iframe is invalid as it contains an unexpected hash (#) character.

There’s an unexpected, possibly duplicate, hash character in the URÑ.

Examples:

Incorrect:

<iframe src="https://example.com/#?secret=123#abc"></iframe>

Correct (using only the query string):

<iframe src="https://example.com/#?secret=123"></iframe>

Correct (using the query string and a hash fragment) :

<iframe src="https://example.com/?secret=123#abc"></iframe>