It’s a bad idea because…
-
Best practice suggests a clear split between content, style and script. Muddying your HTML with inline JavaScript (or CSS) is not consistent with this.
-
You can bind only one event of each kind with
on*-style events , so you can’t have twoonclickevent handlers, for example. -
If an event is specified inline, the JS is specified as a string (attribute values are always strings) and evaluated when the event fires. Evaluation is evil.
-
You are faced with having to reference named functions. This is not always ideal (event handlers normally take anonymous functions) and has implications on the function needing to be globally accessible
-
Your content security policy (CSP) will have to be (unwisely) expanded to allow evaluated inline JavaScript.
In short, handle events centrally via the dedicated addEventListener API, or via jQuery or something.
[2021 Edit]
These days, reactive frameworks have somewhat reversed this trend; events in reactive frameworks are normally specified as attributes e.g. in Vue:
<p v-on:click=foo>Hello</p>
…where foo is a method of the current component’s data object.