files/en-us/web/api/htmlscriptelement/text/index.md
{{APIRef("HTML DOM")}}
[!WARNING] This property represents the text content of a script element, which may be executable depending on the script type. APIs like this are known as injection sinks, and are potentially a vector for cross-site scripting (XSS) attacks.
You can mitigate this risk by always assigning {{domxref("TrustedScript")}} objects instead of strings and enforcing trusted types. See Security considerations for more information.
The text property of the {{domxref("HTMLScriptElement")}} interface represents the inline text content of the {{HTMLElement("script")}} element.
It behaves in the same way as the {{domxref("HTMLScriptElement.textContent","textContent")}} and {{domxref("HTMLScriptElement.innerText","innerText")}} property.
Getting the property returns a string containing the script's text.
Setting the property accepts either a {{domxref("TrustedScript")}} object or a string.
TypeError
The text property of the {{domxref("HTMLScriptElement")}} interface represents the text content inside the {{HTMLElement("script")}} element.
For an executable script (that is, a script whose {{domxref('HTMLScriptElement/type','type')}} indicates that it is a module or classic script), this text is inline executable code. For other types it might represent an import map, speculation rules, or some other kind of data block.
Note that if the {{domxref('HTMLScriptElement/src','src')}} property is set the content of the text property is ignored.
See security considerations in {{domxref("HTMLScriptElement.textContent")}} (the considerations are the same for text, textContent and innerText properties).
See the examples in {{domxref("HTMLScriptElement.textContent")}}.
{{Specifications}}
{{Compat}}