HTML Guide for src
The <script> tag allows authors to include dynamic scripts and data blocks in their documents. When the src is present, this tag accepts a type attribute which must be either:
- an empty string
- text/javascript (that’s the default, so it can be omitted)
- module
Examples:
<!-- This is valid, without a type it defaults to JavaScript -->
<script src="app.js"></script>
<!-- This is valid, but will warn that it can be omitted -->
<script type="text/javascript" src="app.js"></script>
<!-- An empty attribute is valid, but will warn that it can be omitted -->
<script type="" src="app.js"></script>
<!-- The module keyword is also valid as a type -->
<script type="module" src="app.js"></script>
<!-- Any other type is invalid -->
<script type="wrong" src="app.js"></script>
<script type="text/html" src="app.js"></script>
<script type="image/jpeg" src="app.js"></script>An <iframe> element allows to embed an HTML document inside another HTML document, and its src attribute is indicated the source URL of the embedded web page. The src attribute is a required attribute, so it cannot be blank.
Example:
<iframe src="https://example.com/map.html"></iframe>The src attribute on an <img> element contains an invalid character, that should be properly encoded as a URI percent-encoded character.
The src attribute for <img> tags is required, to define the source of the image, like in this example:
<img src="photo.jpg" alt="wombat" />Ensure the src attribute on the script element is non-empty and points to a valid resource.
The src attribute in a script element specifies the URL of an external script file. An empty src attribute is invalid because it tells the browser to fetch a resource from a URL that is not provided, leading to loading errors. Instead, ensure that the src attribute contains a valid file path or URL to an existing script file. If the script content is meant to be inline, you should omit the src attribute altogether and include the script content directly within the script element.
Example of a Valid External Script
Here is a valid example of a script element with a non-empty src attribute:
<!DOCTYPE html>
<html lang="en">
<head>
<title>Valid Script Example</title>
</head>
<body>
<script src="path/to/script.js"></script>
</body>
</html>Example of a Valid Inline Script
If the script is to be written inline, exclude the src attribute and write the JavaScript code directly within the script tags:
<!DOCTYPE html>
<html lang="en">
<head>
<title>Inline Script Example</title>
</head>
<body>
<script>
console.log('This is an inline script.');
</script>
</body>
</html>Troubleshooting
Double-check the script’s file path:
- Ensure the file path you provide in the src is correct relative to the HTML file.
- Make sure the script file exists in the location specified.
- If using a network URL, verify that the URL is correct and accessible.
The src attribute contains square brackets ([ or ]) in the URL’s query string, which are not permitted in valid HTML URLs.
According to the HTML standard, attribute values such as URLs must conform to valid URI syntax. Unencoded square brackets are reserved characters in URI syntax and must be percent-encoded. Specifically, [ should be replaced with %5B and ] with %5D. This ensures the URL is correctly interpreted by browsers and validators. For example, a URL parameter like sort=[asc] should be coded as sort=%5Basc%5D.
Correct HTML Example:
<iframe src="/page?time=%5Btimestamp%5D"></iframe>Always encode reserved characters in URLs when using them in HTML attribute values to ensure W3C compliance.
An <iframe> element allows to embed an HTML document inside another HTML document, and its src attribute is indicated the source URL of the embedded web page. The query part of that URL contains one or more space characters, which are not allowed, for example:
<iframe src="https://maps.google.it/maps?q=2700 6th Avenue"></iframe>You should properly escape all space characters as %20 like this:
<iframe src="https://maps.google.it/maps?q=2700%206th%20Avenue"></iframe>This error message indicates that there is a backslash (\) used in a URL, which is not a valid character for URL paths.
You’ll need to replace the backslashes with forward slashes (/) in the URL path segments.
Here’s an example of a correct img tag using a valid URL path:
<img src="https://example.com/img/small/photo.png" alt="example image">Also, make sure that the URL is correct and that the image file actually exists in the specified location.
The src attribute on an element <img> contains a character which is not allowed unless properly encoded.
Special characters needing encoding are: :, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, =, as well as % itself.
For example, this image tag is incorrect because the src attribute contains an the unallowed characters [ and ]:
<img src="image[00].svg" alt="logo">Instead, this is the properly percent-encoded src attribute, where [ has been replaced with %5B and ] with %5D.
<img src="image%5B00%5D.svg" alt="logo">Space characters are not allowed in src attributes. Instead, they should be converted to %20. In this example, the first line is invalid and the second is valid:
<img src="https://example.com/?s=some term" alt="description" />
<img src="https://example.com/?s=some%20term" alt="description" />The src attribute on an element <img> contains a character that is not allowed, and should be encoded.
Some typical examples include the pipe character | that should be replaced by its encoded alternative %7C , and the left square bracket [ that needs to be encoded as %5B.
The src attribute on an <img> tag is not allowed to contain space characters. You should replace them with “%20“.
To fix the issue of having a bad value for the src attribute on an img element due to having a tab, new line, or carriage return, you need to ensure that the src attribute does not contain any additional whitespace characters like tab, new line, or carriage return.
Incorrect code:
<img src="images/example.jpg
" alt="Example Image">Corrected code:
<img src="images/example.jpg" alt="Example Image">By removing the extra whitespace characters (new line in this case) and ensuring that the src attribute value is properly enclosed within quotes, the issue should be resolved.
The issue arises from the space character in the src attribute value of the script element. In URLs, spaces are not allowed and should be properly encoded to avoid validation errors.
Fix
Replace spaces with %20, which is the URL-encoded representation of a space.
Example
Before:
<script src="https://example.com/media assets/app.js"></script>After:
<script src="https://example.com/media%20assets/app.js"></script>Explanation
In this example, the space between “media” and “assets” in the URL is replaced with %20. This change ensures that the URL conforms to standards and is correctly processed by browsers and servers. Spaces and other special characters in URLs must be encoded to ensure proper formatting and accessibility.
The src attribute value is malformed, check that it doesn’t contain extraneous characters.
For example, this is invalid because the URL in the src attribute contains a space in between the https: and // parts:
<a href="https: //example.com">Some link</a>To fix this issue, you can try removing the space after “https:” in the URL in the src attribute:
<a href="https://example.com">Some link</a><img> tags used to display images require the attribute src to indicate the source of the image, for example <img src="/img/photo.jpg" />.
The async and defer boolean attributes of the <script> element control how an external script should be executed once it has been downloaded. The async attribute makes sense when an external script (defined with the src attribute) is loaded, or when defining a script of type module:
<script async src="app.js"></script>
<script async type="module">
/* JavaScript module code here */
</script>The charset attribute on a <script> element can be used to specify the character encoding of an external script, whose URL should be specified on the src attribute.
If the script is not external, then the charset attribute should not be used, as the character encoding of the HTML document will be used.
The defer and async boolean attributes of the <script> element control how an external script should be executed once it has been downloaded. These attributes only make sense when referring to external scripts, so a src attribute must also be present to specify the location of the script.
Example:
<script defer src="app.js"></script>If your script is not external, and is inlined within the HTML document, then you should remove the defer attribute, like in this example:
<script>
console.log("hello");
</script>