documentWrites
Reports uses of
document.write()anddocument.writeln()which block HTML parsing.
✅ This rule is included in the browser logical presets.
The document.write() and document.writeln() APIs write strings into the document stream while HTML is being parsed.
They can block parsing, replace the current document after load, and turn string construction mistakes into script injection vulnerabilities.
Create DOM nodes directly, or let your framework render the content.
Examples
Section titled “Examples”document.write("<main>Loaded</main>");window.document.writeln(`<p>${location.search}</p>`);const main = document.createElement("main");main.textContent = "Loaded";document.body.append(main);Options
Section titled “Options”This rule is not configurable.
When Not To Use It
Section titled “When Not To Use It”If you maintain legacy third-party snippets that intentionally rely on parser-inserted script execution and cannot be changed yet, it may be preferable to disable this rule around those snippets. For application code, prefer explicit DOM construction, static script tags, or renderer-managed updates.
Further Reading
Section titled “Further Reading”Equivalents in Other Linters
Section titled “Equivalents in Other Linters”
Made with ❤️🔥 around the world by
the Flint team and contributors.