What is the matter with script-targeted URLs?

面向向阳花 2021-01-07 20:47

I'm using JSHint, and it got the following error:

Script URL.

Which I noticed that happened because on this particular line there is a str

1 Answer
  • 2021-01-07 21:27

    javascript: URLs are part of 'eval is evil'.

    In order to execute the javascript: URL, the browser must fire up a JS parser and parse the text of the URL.
    This is a slow and costly process.

    Also, assembling javascript: URLs (or other strings that contain source code) is a tricky task which is prone to XSS vulnerabilities.

    Finally, mixing code and URLs violates the separation of content and behavior (code).

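The answer's points about assembling code inside a URL and about keeping behavior separate from content, shown as an added example that is not part of the original question or answer. The names `greet`, `scriptUrlFor`, `compiles`, `bindGreeting` and `isSafeHref`, the scheme allow-list and the `example.invalid` base are assumptions made for illustration.

```javascript
// BEFORE: code assembled inside a URL string. The name is spliced into
// JavaScript source, so the parser, not the author, decides what is data.
function scriptUrlFor(name) {
  return "javascript:greet('" + name + "')";
}

// True when the text after "javascript:" still compiles as a script.
// new Function only parses here; the resulting function is never called.
function compiles(scriptUrl) {
  try {
    new Function(scriptUrl.slice("javascript:".length));
    return true;
  } catch (err) {
    return false;
  }
}

// AFTER: the link carries the name as data and the behavior is attached
// separately, so no string is ever parsed as code.
function bindGreeting(link, name, greet) {
  link.dataset.name = name;
  link.addEventListener("click", (event) => {
    event.preventDefault();
    greet(link.dataset.name);
  });
}

// For hrefs that come from users: parse with the URL API and allow-list the
// scheme. The parser lowercases the scheme and drops surrounding whitespace
// and embedded tabs/newlines, which a startsWith("javascript:") test misses.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function isSafeHref(raw, base = "https://example.invalid/") {
  try {
    return ALLOWED_SCHEMES.has(new URL(raw, base).protocol);
  } catch (err) {
    return false; // unparseable input is rejected
  }
}
```

Even an ordinary name such as `O'Brien` stops the concatenated version from compiling, while the listener version passes it through unchanged.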