W3cubDocs

<script>

The <script> is used to embed or reference executable code; this is typically used to embed or refer to JavaScript code. The <script> element can also be used with other languages, such as WebGL's GLSL shader programming language.

Content categories	Metadata content, Flow content, Phrasing content.
Permitted content	Dynamic script such as `text/javascript`.
Tag omission	None, both the starting and ending tag are mandatory.
Permitted parents	Any element that accepts metadata content, or any element that accepts phrasing content.
Permitted ARIA roles	None
DOM interface	`HTMLScriptElement`

Attributes

This element includes the global attributes.

asyncHTML5: This is a Boolean attribute indicating that the browser should, if possible, load the script asynchronously.

This attribute must not be used if the src attribute is absent (i.e. for inline scripts). If it is included in this case it will have no effect.

Browsers usually assume the worst case scenario and load scripts synchronously, (i.e. async=false) during HTML parsing.

Dynamically inserted scripts (using document.createElement) load asynchronously by default, so to turn on synchronous loading (i.e. scripts load in the order they were inserted) set async=false.

See Browser compatibility for notes on browser support. See also Async scripts for asm.js.

crossorigin

Normal script elements pass minimal information to the window.onerror for scripts which do not pass the standard CORS checks. To allow error logging for sites which use a separate domain for static media, use this attribute. See CORS settings attributes for a more descriptive explanation of its valid arguments.

defer

This Boolean attribute is set to indicate to a browser that the script is meant to be executed after the document has been parsed, but before firing DOMContentLoaded.

Scripts with the defer attribute will prevent the DOMContentLoaded event from firing until the script has loaded and finished evaluating.

This attribute must not be used if the src attribute is absent (i.e. for inline scripts), in this case it would have no effect.

To achieve a similar effect for dynamically inserted scripts use async=false instead. Scripts with the defer attribute will execute in the order in which they appear in the document.

integrity: This attribute contains inline metadata that a user agent can use to verify that a fetched resource has been delivered free of unexpected manipulation. See Subresource Integrity.
nomodule: This Boolean attribute is set to indicate that the script should not be executed in browsers that support ES2015 modules — in effect, this can be used to serve fallback scripts to older browsers that do not support modular JavaScript code.

nonce: A cryptographic nonce (number used once) to whitelist inline scripts in a script-src Content-Security-Policy. The server must generate a unique nonce value each time it transmits a policy. It is critical to provide a nonce that cannot be guessed as bypassing a resource's policy is otherwise trivial.
src: This attribute specifies the URI of an external script; this can be used as an alternative to embedding a script directly within a document.

If a script element has a src attribute specified, it should not have a script embedded inside its tags.

text

Like the textContent attribute, this attribute sets the text content of the element. Unlike the textContent attribute, however, this attribute is evaluated as executable code after the node is inserted into the DOM.

type

This attribute indicates the type of script represented. The value of this attribute will be in one of the following categories:

Omitted or a JavaScript MIME type: For HTML5-compliant browsers this indicates the script is JavaScript. HTML5 specification urges authors to omit the attribute rather than provide a redundant MIME type. In earlier browsers, this identified the scripting language of the embedded or imported (via the src attribute) code. JavaScript MIME types are listed in the specification.
module For HTML5-compliant browsers the code is treated as a JavaScript module. The processing of the script contents is not affected by the charset and defer attributes. For information on using module, see ES6 in Depth: Modules. Code may behave differently when the module keyword is used.
Any other value: The embedded content is treated as a data block which won't be processed by the browser. Developers must use a valid MIME type that is not a JavaScript MIME type to denote data blocks. The src attribute will be ignored.

Note: in Firefox you could specify the version of JavaScript contained in a <script> element by including a non-standard version parameter inside the type attribute — for example type="text/javascript;version=1.8". This has been removed in Firefox 59 (see bug 1428745).

Deprecated attributes

charset: If present, its value must be an ASCII case-insensitive match for "utf-8". Both it’s unnecessary to specify the charset attribute, because documents must use UTF-8, and the script element inherits its character encoding from the document.
language: Like the type attribute, this attribute identifies the scripting language in use. Unlike the type attribute, however, this attribute’s possible values were never standardized. The type attribute should be used instead.

Notes

Scripts without async , defer or type="module" attributes, as well as inline scripts, are fetched and executed immediately, before the browser continues to parse the page.

The script should be served with the text/javascript MIME type, but browsers are lenient and only block them if the script is served with an image type (image/*); a video type (video/*); an audio (audio/*) type; or text/csv. If the script is blocked, an error is sent to the element, if not a load event is sent.

Examples

Basic

These examples show how to import script using the <script> element in both HTML4 and HTML5.

<!-- HTML4 -->
<script type="text/javascript" src="javascript.js"></script>

<!-- HTML5 -->
<script src="javascript.js"></script>

Module Fallback

Browsers that support the module value for the type attribute ignore any script with a nomodule attribute. That enables you to use module scripts while also providing nomodule-marked fallback scripts for non-supporting browsers.

<script type="module" src="main.mjs"></script>
<script nomodule src="fallback.js"></script>

Specifications

Specification	Status	Comments
HTML Living Standard The definition of '<script>' in that specification.	Living Standard	Removed the `charset` attribute
Unknown The definition of '<script>' in that specification.	Unknown	Removed the `charset` attribute
HTML 5.2 The definition of '<script>' in that specification.	Recommendation	Adds the `module` `type`
HTML 5.1 The definition of '<script>' in that specification.	Recommendation
HTML5 The definition of '<script>' in that specification.	Recommendation
HTML 4.01 Specification The definition of '<script>' in that specification.	Recommendation
Subresource Integrity The definition of '<script>' in that specification.	Recommendation	Adds the `integrity` attribute.

Browser compatibilityUpdate compatibility data on GitHub

	Desktop
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari
Basic support	1	Yes	1 1 Starting in Firefox 4, inserting <script> elements that have been created by calling `document.createElement("script")` no longer enforces execution in insertion order. This change lets Firefox properly abide by the specification. To make script-inserted external scripts execute in their insertion order, set `.async=false` on them.	Yes	Yes	Yes
`async`	1	Yes	1	Yes	Yes	Yes
`crossorigin`	30	Yes	13	No	12	Yes Yes The `crossorigin` attribute was implemented in WebKit in WebKit bug 81438.
`defer`	Yes Yes Chrome does not defer scripts with the `defer` attribute when the page is served as XHTML (`application/xhtml+xml`) - Chromium Issue #611136, Chromium Issue #874749	Yes	3.5 3.5 Since Firefox 3.6, the `defer` attribute is ignored on scripts that don't have the `src` attribute. However, in Firefox 3.5 even inline scripts are deferred if the `defer` attribute is set.	10 10 In versions prior to Internet Explorer 10, it implemented `defer` by a proprietary specification. Since version 10 it conforms to the W3C specification.	No	Yes
`integrity`	45	17	43	No	Yes	Yes
`language`	1	Yes	1	Yes	Yes	Yes
`nomodule`	Yes	No	60 60 55 — 60 Disabled Disabled From version 55 until version 60 (exclusive): this feature is behind the `dom.moduleScripts.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	No	No
`src`	1	Yes	1	Yes	Yes	Yes
`text`	1	Yes	1	Yes	Yes	Yes
`type`	1	Yes	1	Yes	Yes	Yes
`type.module`	61	16	60 60 54 — 60 Disabled Disabled From version 54 until version 60 (exclusive): this feature is behind the `dom.moduleScripts.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	48	10.1
`type`: The `version` parameter of the `type` attribute	No	No	? — 59	No	No	No

	Mobile
	Android webview	Chrome for Android	Edge Mobile	Firefox for Android	Opera for Android	iOS Safari	Samsung Internet
Basic support	Yes	Yes	Yes	4	Yes	Yes	Yes
`async`	Yes	Yes	Yes	4	Yes	Yes	Yes
`crossorigin`	Yes	Yes	?	14	?	?	Yes
`defer`	Yes	Yes	Yes	4	?	Yes	Yes
`integrity`	45	45	No	43	?	No	5.0
`language`	Yes	Yes	Yes	4	Yes	Yes	Yes
`nomodule`	Yes	Yes	No	60 60 55 — 60 Disabled Disabled From version 55 until version 60 (exclusive): this feature is behind the `dom.moduleScripts.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	?	No	Yes
`src`	Yes	Yes	Yes	4	Yes	Yes	Yes
`text`	Yes	Yes	Yes	4	Yes	Yes	Yes
`type`	Yes	Yes	Yes	4	Yes	Yes	Yes
`type.module`	61	61	16	60 60 54 — 60 Disabled Disabled From version 54 until version 60 (exclusive): this feature is behind the `dom.moduleScripts.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	48	10.3	No
`type`: The `version` parameter of the `type` attribute	No	No	No	? — 59	No	No	No

Compatibility notes

In older browsers that don't support the async attribute, parser-inserted scripts block the parser; script-inserted scripts execute asynchronously in IE and WebKit, but synchronously in Opera and pre-4 Firefox. In Firefox 4, the async DOM property defaults to true for script-created scripts, so the default behaviour matches the behaviour of IE and WebKit.

To request script-inserted external scripts be executed in the insertion order in browsers where the document.createElement("script").async evaluates to true (such as Firefox 4), set async=false on the scripts you want to maintain order.

Never call document.write() from an async script. In Firefox 3.6, calling document.write() has an unpredictable effect. In Firefox 4, calling document.write() from an async script has no effect (other than printing a warning to the error console).