Question
I am learning about the Same-origin-policy of web security stated in MDN Web Docs regarding the scripts executed from pages with an about:blank or javascript: URL inherit the origin of the document containing that URL. I not really understand how does the javascript: URL referring to and I couldn’t find any other related description or example regarding javascript: URL.
Answer
Same-origin-policy of web security stated in MDN Web Docs is talking about the javascript:, pseudo-protocol, or URI scheme which is where you place one or more javascript statements as the value of an HTML attribute whose value is a URL (URI).
Here’s a basic example: <a href="javascript:alert('hello world')">click me</a>
Use of the javascript: pseudo-protocol in production web sites is not good practice. However, it’s quite useful for bookmarklets which are short user-scripts that can be stored as bookmarks in your browser to do automated things to the page in your current browser tab.
