CodeQL documentation
CodeQL resources

Malformed id attribute

ID: js/malformed-html-id
Kind: problem
Security severity: 
Severity: warning
Precision: very-high
Tags:
   - maintainability
   - correctness
   - external/cwe/cwe-758
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

According to the HTML5 standard, the value of the id attribute of an element must contain at least one character, and must not contain any space characters. ID attributes that do not conform to this restriction may be interpreted differently by different browsers, and may indicate a misunderstanding on the part of the developer.

Recommendation

Inspect the ID attribute in question. If its value is empty, the attribute is most likely useless and can be removed. If it contains a space, perhaps the attribute was meant to be a class attribute.

Example

The following HTML element has an ID attribute with a space in it:

<div id="heading important">An important heading</div>

Most likely this was meant to be a class attribute, like this:

<div class="heading important">An important heading</div>

References

  • © GitHub, Inc.
  • Terms
  • Privacy