Example :

<div oncontextmenu="Function()">

The oncontextmenu event occurs when the user right-clicks on an element to open the context menu.

The async and defer attributes are boolean attributes that indicate how the script should be evaluated. Classic scripts may specify defer or async, but must not specify either unless the src attribute is present. Module scripts may specify the async attribute, but must not specify the defer attribute.

For classic scripts, if the async attribute is present, then the classic script will be fetched in parallel to parsing and evaluated as soon as it is available (potentially before parsing completes). If the async attribute is not present but the defer attribute is present, then the classic script will be fetched in parallel and evaluated when the page has finished parsing. If neither attribute is present, then the script is fetched and evaluated immediately, blocking parsing until these are both complete.

For module scripts, if the async attribute is present, then the module script and all its dependencies will be fetched in parallel to parsing, and the module script will be evaluated as soon as it is available (potentially before parsing completes). Otherwise, the module script and its dependencies will be fetched in parallel to parsing and evaluated when the page has finished parsing. (The defer attribute has no effect on module scripts.)

This is all summarized in the following schematic diagram:

crossorigin = " anonymous | use-credentials "

Mode of the CORS request:

anonymous - A cross-origin request is performed. No credentials are sent
use-credentials - A cross-origin request is performed. Credentials are sent (e.g. a cookie, a certificate, a HTTP Basic authentication)

The crossorigin attribute sets the mode of the request to an HTTP CORS Request.

Web pages often make requests to load resources on other servers. Here is where CORS comes in.

A cross-origin request is a request for a resource (e.g. style sheets, iframes, images, fonts, or scripts) from another domain.

CORS is used to manage cross-origin requests.

CORS stands for Cross-Origin Resource Sharing, and is a mechanism that allows resources on a web page to be requested from another domain outside their own domain. It defines a way of how a browser and server can interact to determine whether it is safe to allow the cross-origin request. CORS allows servers to specify who can access the assets on the server, among many other things.

Tip: The opposite of cross-origin requests is same-origin requests. This means that a web page can only interact with other documents that are also on the same server. This policy enforces that documents that interact with each other must have the same origin (domain).

integrity = " filehash "

Parameter :

filehash - The file hashing value of the external script file.

The integrity attribute allows a browser to check the fetched script to ensure that the code is never loaded if the source has been manipulated.

Subresource Integrity (SRI) is a W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been altered. Use of SRI is recommended !

When using SRI, the webpage holds the hash and the server holds the file (the .js file in this case). The browser downloads the file, then checks it, to make sure that it is a match with the hash in the integrity attribute. If it matches, the file is used, and if not, the file is blocked.

You can use an online SRI hash generator to generate integrity hashes: SRI Hash Generator.

The referrerpolicy attribute specifies which referrer information to send when fetching a script.

Attribute Values

no-referrer

No referrer information is sent.

no-referrer-when-downgrade

Default. Sends the origin, path, and query string if the protocol security level stays the same or is higher (HTTP to HTTP, HTTPS to HTTPS, HTTP to HTTPS is ok). Sends nothing to less secure level (HTTPS to HTTP is not ok).

origin

Sends the origin (scheme, host, and port) of the document.

origin-when-cross-origin

Sends the origin of the document for cross-origin request. Sends the origin, path, and query string for same-origin request

same-origin

Sends a referrer for same-origin request. Sends no referrer for cross-origin request

strict-origin-when-cross-origin

Sends the origin if the protocol security level stays the same or is higher (HTTP to HTTP, HTTPS to HTTPS, and HTTP to HTTPS is ok). Sends nothing to less secure level (HTTPS to HTTP).

unsafe-url

Sends the origin, path, and query string (regardless of security). Use this value carefully !

<source srcset="URL">

The srcset attribute specifies the URL of the image to use in different situations.

This attribute is required when <source> is used in <picture>.

Possible values:

• An absolute URL - points to another web site (like href="http://www.example.com/flower.jpg")
• A relative URL - points to a file within a web site (like href="flower.jpg")

spellcheck=" true | false "

The spellcheck attribute specifies whether the element is to have its spelling and grammar checked or not.

The following can be spell-checked:

• Text values in input elements (not password)
• Text in <textarea> elements
• Text in editable elements

translate=" yes | no "

The translate attribute specifies whether the content of an element should be translated or not.

The poster attribute specifies an image to be shown while the video is downloading, or until the user hits the play button. If this is not included, the first frame of the video will be used instead.

The preload attribute specifies if and how the author thinks that the video should be loaded when the page loads.

The preload attribute allows the author to provide a hint to the browser about what he/she thinks will lead to the best user experience. This attribute may be ignored in some instances.

Note: The preload attribute is ignored if autoplay is present.