<script src="foo.HTML" type="text/javascript"> ???

Discussion in 'Javascript' started by David D., Jan 21, 2005.

  1. David D.

    David D. Guest

    Does the file extension matter when including a JavaScript file in an HTML
    page?

    Normally, one would include a JavaScript file in an HTML page using
    <script src="foo.JS" type="text/javascript">

    However, I have found that I can use an alternate file extension, such as
    <script src="foo.HTML" type="text/javascript">

    It works fine with my IE 6 and Mozilla. Will it work with other browsers?

    - David D.

    P.S., Why, you may ask, would I want to do such a crazy thing? My web site
    host uses a web-based HTML editor. Unfortunately it only allows you to edit
    files that have .HTM or .HTML extensions.
    David D., Jan 21, 2005
    #1
    1. Advertising

  2. David D.

    McKirahan Guest

    "David D." <> wrote in message
    news:...
    > Does the file extension matter when including a JavaScript file in an HTML
    > page?
    >
    > Normally, one would include a JavaScript file in an HTML page using
    > <script src="foo.JS" type="text/javascript">
    >
    > However, I have found that I can use an alternate file extension, such as
    > <script src="foo.HTML" type="text/javascript">
    >
    > It works fine with my IE 6 and Mozilla. Will it work with other browsers?
    >
    > - David D.
    >
    > P.S., Why, you may ask, would I want to do such a crazy thing? My web

    site
    > host uses a web-based HTML editor. Unfortunately it only allows you to

    edit
    > files that have .HTM or .HTML extensions.


    AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
    as the extension which "hides" the source of the script; that is, a visitor
    can't load the source code as a page by typing in the URL of the include.
    McKirahan, Jan 21, 2005
    #2
    1. Advertising

  3. In article <>,
    says...
    > "David D." <> wrote in message
    > news:...
    > > Does the file extension matter when including a JavaScript file in an HTML
    > > page?
    > >
    > > Normally, one would include a JavaScript file in an HTML page using
    > > <script src="foo.JS" type="text/javascript">
    > >
    > > However, I have found that I can use an alternate file extension, such as
    > > <script src="foo.HTML" type="text/javascript">
    > >
    > > It works fine with my IE 6 and Mozilla. Will it work with other browsers?
    > >
    > > - David D.
    > >
    > > P.S., Why, you may ask, would I want to do such a crazy thing? My web

    > site
    > > host uses a web-based HTML editor. Unfortunately it only allows you to

    > edit
    > > files that have .HTM or .HTML extensions.

    >
    > AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
    > as the extension which "hides" the source of the script; that is, a visitor
    > can't load the source code as a page by typing in the URL of the include.


    Does that hide any client-side code. Surely the ASP engine only parses
    any code that's in the ASP delimiters. Got a demo URL of this
    behaviour?

    --
    Hywel http://kibo.org.uk/
    I do not eat quiche.
    Hywel Jenkins, Jan 21, 2005
    #3
  4. David D. wrote:

    > However, I have found that I can use an alternate file extension,
    > such as <script src="foo.HTML" type="text/javascript">
    >
    > It works fine with my IE 6 and Mozilla. Will it work with other
    > browsers?


    It will work on old Netscape browsers (3.x) only if the web server
    sends the correct MIME type "application/x-javascript". Maybe the
    execution in other browsers does also depend on the sent MIME type,
    but in MSIE 4+, Netscape 4+, and Mozilla/Firefox it certainly does
    not.

    ciao, dhgm
    Dietmar Meier, Jan 21, 2005
    #4
  5. David D.

    McKirahan Guest

    "Hywel Jenkins" <> wrote in message
    news:...
    > In article <>,
    > says...
    > > "David D." <> wrote in

    message
    > > news:...
    > > > Does the file extension matter when including a JavaScript file in an

    HTML
    > > > page?
    > > >
    > > > Normally, one would include a JavaScript file in an HTML page using
    > > > <script src="foo.JS" type="text/javascript">
    > > >
    > > > However, I have found that I can use an alternate file extension, such

    as
    > > > <script src="foo.HTML" type="text/javascript">
    > > >
    > > > It works fine with my IE 6 and Mozilla. Will it work with other

    browsers?
    > > >
    > > > - David D.
    > > >
    > > > P.S., Why, you may ask, would I want to do such a crazy thing? My

    web
    > > site
    > > > host uses a web-based HTML editor. Unfortunately it only allows you

    to
    > > edit
    > > > files that have .HTM or .HTML extensions.

    > >
    > > AFAIK, any extension will work. In fact, ASP developers often assign

    ".asp"
    > > as the extension which "hides" the source of the script; that is, a

    visitor
    > > can't load the source code as a page by typing in the URL of the

    include.
    >
    > Does that hide any client-side code. Surely the ASP engine only parses
    > any code that's in the ASP delimiters. Got a demo URL of this
    > behaviour?
    >
    > --
    > Hywel http://kibo.org.uk/
    > I do not eat quiche.



    http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7252&lngWI
    d=4

    "Prevent unauthorized viewing of website javascript and style sheet files.
    Simply rename all your style and javascript files to the .asp extension."

    However, they're still in the browser's cache.


    I can't remember but here's a skeleton of it:

    << includer.asp >>

    <% Const cASP = "includer.asp" %>
    <html>
    <head>
    <title><%=cASP%></title>
    </head>
    <body>
    <script type="text/javascript" src="included.asp"></script>
    </body>
    </html>


    << included.asp >>

    <% {something} %>
    document.write("included.asp");


    Perhaps I should just say "Nevermind!" as I'm not sure anymore.

    Maybe someone else will jump in...
    McKirahan, Jan 21, 2005
    #5
  6. David D.

    Spats30 Guest

    Any modern browser doesn't care what the extention is. Just be sure to
    keep the type="text/javascript" attribute in the script tag, so that
    the browser knows what it expects.

    In E-commerce, I have often used the looping feature of a server-side
    language category listing page, in JSP, PHP or whatever, to create
    external JS files that document.write() out options for a drop down
    menu on other pages. The server grabs all the necessary info from the
    database table, and the JSP page will print out the proper JS for you.

    You're external script src tag could look like this, then:

    <script src="/mypath/category.jsp?id=12345"
    type="text/javascript"></script>
    Thus, you sort of have dynamic javascript.
    Spats30, Jan 21, 2005
    #6
  7. In article <>,
    says...
    > "Hywel Jenkins" <> wrote in message
    > news:...
    > > In article <>,
    > > says...
    > > > "David D." <> wrote in

    > message
    > > > news:...
    > > > > Does the file extension matter when including a JavaScript file in an

    > HTML
    > > > > page?
    > > > >
    > > > > Normally, one would include a JavaScript file in an HTML page using
    > > > > <script src="foo.JS" type="text/javascript">
    > > > >
    > > > > However, I have found that I can use an alternate file extension, such

    > as
    > > > > <script src="foo.HTML" type="text/javascript">
    > > > >
    > > > > It works fine with my IE 6 and Mozilla. Will it work with other

    > browsers?
    > > > >
    > > > > - David D.
    > > > >
    > > > > P.S., Why, you may ask, would I want to do such a crazy thing? My

    > web
    > > > site
    > > > > host uses a web-based HTML editor. Unfortunately it only allows you

    > to
    > > > edit
    > > > > files that have .HTM or .HTML extensions.
    > > >
    > > > AFAIK, any extension will work. In fact, ASP developers often assign

    > ".asp"
    > > > as the extension which "hides" the source of the script; that is, a

    > visitor
    > > > can't load the source code as a page by typing in the URL of the

    > include.
    > >
    > > Does that hide any client-side code. Surely the ASP engine only parses
    > > any code that's in the ASP delimiters. Got a demo URL of this
    > > behaviour?
    > >
    > > --
    > > Hywel http://kibo.org.uk/
    > > I do not eat quiche.

    >
    >
    > http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7252&lngWI
    > d=4
    >
    > "Prevent unauthorized viewing of website javascript and style sheet files.
    > Simply rename all your style and javascript files to the .asp extension."
    >
    > However, they're still in the browser's cache.


    There's more to it that just renaming your files. I just tested it, and
    the browser simply displays the JavaScript source:
    http://www50.brinkster.com/hyweljenkins/asptest.asp

    --
    Hywel http://kibo.org.uk/
    I do not eat quiche.
    Hywel Jenkins, Jan 21, 2005
    #7
  8. On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <> wrote:

    [snip]

    > AFAIK, any extension will work.


    Of course. Browsers shouldn't care about extensions, only the MIME type
    sent by the server (though we know that isn't always the case). However,
    the server will care about the extension as that's used to determine the
    file type and hence the MIME type sent. Using an extension associated with
    a different type probably isn't a good idea. At least with server-side
    languages you can send your own Content-Type header.

    > In fact, ASP developers often assign ".asp" as the extension which
    > "hides" the source of the script; that is, a visitor can't load the
    > source code as a page by typing in the URL of the include.


    The only "solution" I can think of at the moment along those lines is to
    check the Referer [sic] header and make sure that it contains the domain
    for the site. However, relying on an optional header[1] is a stupid thing
    to do.

    Mike


    [1] Users can usually prevent the inclusion of the Referer header as a
    privacy option.

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
    Michael Winter, Jan 21, 2005
    #8
  9. David D.

    McKirahan Guest

    "Michael Winter" <> wrote in message
    news:eek:psky0l7g8x13kvk@atlantis...
    > On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <> wrote:
    >
    > [snip]
    >
    > > AFAIK, any extension will work.

    >
    > Of course. Browsers shouldn't care about extensions, only the MIME type
    > sent by the server (though we know that isn't always the case). However,
    > the server will care about the extension as that's used to determine the
    > file type and hence the MIME type sent. Using an extension associated with
    > a different type probably isn't a good idea. At least with server-side
    > languages you can send your own Content-Type header.
    >
    > > In fact, ASP developers often assign ".asp" as the extension which
    > > "hides" the source of the script; that is, a visitor can't load the
    > > source code as a page by typing in the URL of the include.

    >
    > The only "solution" I can think of at the moment along those lines is to
    > check the Referer [sic] header and make sure that it contains the domain
    > for the site. However, relying on an optional header[1] is a stupid thing
    > to do.
    >
    > Mike
    >
    >
    > [1] Users can usually prevent the inclusion of the Referer header as a
    > privacy option.
    >
    > --
    > Michael Winter
    > Replace ".invalid" with ".uk" to reply by e-mail.


    Thanks for reminding me.

    Here's what I used a few years ago:

    <%
    If Request.ServerVariables("HTTP_HOST") <> "localhost" Then
    If Trim(Request.ServerVariables("HTTP_REFERER")) = "" Then

    Response.Write("<html><head><title>Failed</title></head><body></body></html>
    ")
    Response.End
    End If
    End If
    %>

    This was at the beginning of JavaScript "include" files with an ".asp"
    extension.

    I stopped using it because Norton's Firewall blocks the HTTP_REFERER.
    McKirahan, Jan 21, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Richter

    <txt src= ...> equivalent of <img src= ...>

    Steve Richter, Feb 8, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    2,061
    Laurent Bugnion
    Feb 9, 2006
  2. Greg Johnson
    Replies:
    4
    Views:
    3,049
  3. Replies:
    1
    Views:
    1,600
    Alex Hunsley
    Mar 23, 2007
  4. pheadxdll
    Replies:
    16
    Views:
    3,613
    Neredbojias
    Jun 6, 2007
  5. joe
    Replies:
    3
    Views:
    355
    Jeremy J Starcher
    Apr 15, 2008
Loading...

Share This Page