# `Bylaw.Credo.Check.HEEx.NoJavascriptHref`
[🔗](https://github.com/ryanzidago/bylaw/blob/v0.1.0-alpha.1/lib/bylaw/credo/check/heex/no_javascript_href.ex#L1)

## Basics

> #### This check is disabled by default. {: .neutral}
>
> [Learn how to enable it](`e:credo:config_file.html#checks`) via `.credo.exs`.

This check has a base priority of `high` and works with any version of Elixir.

## Explanation

Forbids static HEEx/HTML link `href` attributes that use `javascript:`.

## Examples

Embedded `~H` templates are checked during normal Credo runs over Elixir
files. Standalone `.html.heex` templates require enabling
`Bylaw.Credo.Plugin.HEExSources` in Credo's `plugins` configuration.

Avoid:

      ~H"""
      <a href="javascript:alert('x')">Delete</a>
      """

Prefer:

      ~H"""
      <a href="/account">Account</a>
      <a href={@href}>Dynamic link</a>
      <button phx-click="delete">Delete</button>
      """

## Notes

Embedded `~H` templates in `.ex` and `.exs` files are checked by Credo's normal source traversal. Standalone `.html.heex` templates are checked when `Bylaw.Credo.Plugin.HEExSources` is enabled in `.credo.exs`.

This check uses static HEEx token analysis, so it reports only patterns visible in the template source.
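Because the analysis is static, a value bound at runtime, such as `href={@href}`, is never inspected. The following is an added example, not code from Bylaw or Phoenix: `SafeHref`, its `sanitize/1` function and the scheme allowlist are hypothetical names and assumptions, showing one way to allowlist URL schemes before a dynamic value reaches the template.

```elixir
defmodule SafeHref do
  @moduledoc """
  Hypothetical helper, not part of Bylaw or Phoenix: allowlists URL schemes
  for values bound to a dynamic `href={...}` attribute.
  """

  # Assumption: these are the only schemes the application links to.
  @allowed_schemes ~w(http https mailto)
  @fallback "#"

  @doc "Returns `url` when its scheme is allowed or absent (relative URL), else `#`."
  def sanitize(url) when is_binary(url) do
    case scheme(url) do
      nil -> url
      found -> if found in @allowed_schemes, do: url, else: @fallback
    end
  end

  def sanitize(_other), do: @fallback

  # Normalise the way URL parsers do before reading the scheme: leading C0
  # control characters and spaces are dropped, and tab, LF and CR are removed
  # anywhere, so a scheme split by a tab is still recognised.
  defp scheme(url) do
    normalized =
      url
      |> String.replace(~r/[\t\n\r]/, "")
      |> String.replace(~r/^[\x00-\x20]+/, "")

    case Regex.run(~r/^([a-zA-Z][a-zA-Z0-9+.-]*):/, normalized) do
      [_, found] -> String.downcase(found)
      nil -> nil
    end
  end
end

# Constructed sample values, as they might arrive in `@href`.
samples = ["/account", "https://example.com/a", "JavaScript:alert('x')", " java\tscript:alert('x')"]

for url <- samples do
  IO.inspect({url, SafeHref.sanitize(url)})
end
```

In a template the helper would wrap the assign, as in `<a href={SafeHref.sanitize(@href)}>`.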

## Options

This check has no check-specific options. Configure it with an empty option list.

## Usage

Add this check to Credo's `checks:` list in `.credo.exs`:

```elixir
%{
  configs: [
    %{
      name: "default",
      checks: [
        {Bylaw.Credo.Check.HEEx.NoJavascriptHref, []}
      ]
    }
  ]
}
```

## Check-Specific Parameters

*There are no specific parameters for this check.*

## General Parameters

Like with all checks, [general params](`e:credo:check_params.html`) can be applied.

Parameters can be configured via the [`.credo.exs` config file](`e:credo:config_file.html`).

