Skip to main content

Overview

The Custom Script Component enables you to insert custom JavaScript into QR Code landing pages.
It supports two modes of integration:
  • External scripts (e.g., Google Analytics, Facebook Pixel, chat widgets, etc.)
  • Inline scripts (executed directly within the landing page)
This component allows up to five (5) external scripts and a single inline script block for page customization.
⚠️ Note: Always ensure custom scripts follow Scanova’s security and content guidelines to prevent vulnerabilities such as XSS.

Properties

PropertyTypeRequiredDescription
externalarray<object>NoA list of external JavaScript URLs to be loaded on the page (max 5).
scriptstringNoInline JavaScript code to be executed directly on the page.

🧩 External Object

Sub-PropertyTypeRequiredDescription
urlstring✅ YesHTTPS link to the external JavaScript file (.js). Must be a valid URI.

Used In Categories

This component is used in the following QR Code categories:

Example Schema

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Custom Script Component",
  "description": "Schema to validate custom script component",
  "type": "object",
  "required": [],
  "additionalProperties": false,
  "properties": {
    "external": {
      "type": "array",
      "additionalProperties": false,
      "maxItems": 5,
      "$comment": "Allows 5 external links",
      "items": {
        "type": "object",
        "required": [
          "url"
        ],
        "additionalProperties": false,
        "properties": {
          "url": {
            "type": "string",
            "format": "uri",
            "pattern": "(https?://.*\\.(js))$"
          }
        }
      }
    },
    "script": {
      "type": "string"
    }
  }
}

Notes

  • You can include up to 5 external scripts via the external array.
  • All external scripts must be **publicly accessible HTTPS URLs ending with **.js.
  • Inline script should only include non-blocking JavaScript to maintain page load performance.
  • Scripts are sandboxed and validated for security — avoid DOM manipulation or unsafe global overrides.