<script src="foo.HTML" type="text/javascript"> ???

[David D.]

Does the file extension matter when including a JavaScript file in an HTML
page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as
<script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?

- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My web site
host uses a web-based HTML editor. Unfortunately it only allows you to edit
files that have .HTM or .HTML extensions.

 

[McKirahan]

Does the file extension matter when including a JavaScript file in an HTML
page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as
<script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?

- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My web site
host uses a web-based HTML editor. Unfortunately it only allows you to edit
files that have .HTM or .HTML extensions.

AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
as the extension which "hides" the source of the script; that is, a visitor
can't load the source code as a page by typing in the URL of the include.

 

[Hywel Jenkins]

AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
as the extension which "hides" the source of the script; that is, a visitor
can't load the source code as a page by typing in the URL of the include.

Does that hide any client-side code. Surely the ASP engine only parses
any code that's in the ASP delimiters. Got a demo URL of this
behaviour?

 

[Dietmar Meier]

However, I have found that I can use an alternate file extension,
such as <script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other
browsers?

It will work on old Netscape browsers (3.x) only if the web server
sends the correct MIME type "application/x-javascript". Maybe the
execution in other browsers does also depend on the sent MIME type,
but in MSIE 4+, Netscape 4+, and Mozilla/Firefox it certainly does
not.

ciao, dhgm

 

[McKirahan]

include.

Does that hide any client-side code. Surely the ASP engine only parses
any code that's in the ASP delimiters. Got a demo URL of this
behaviour?

http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7252&lngWI
d=4

"Prevent unauthorized viewing of website javascript and style sheet files.
Simply rename all your style and javascript files to the .asp extension."

However, they're still in the browser's cache.


I can't remember but here's a skeleton of it:

<< includer.asp >>

<% Const cASP = "includer.asp" %>
<html>
<head>
<title><%=cASP%></title>
</head>
<body>
<script type="text/javascript" src="included.asp"></script>
</body>
</html>


<< included.asp >>

<% {something} %>
document.write("included.asp");


Perhaps I should just say "Nevermind!" as I'm not sure anymore.

Maybe someone else will jump in...

 

[Spats30]

Any modern browser doesn't care what the extention is. Just be sure to
keep the type="text/javascript" attribute in the script tag, so that
the browser knows what it expects.

In E-commerce, I have often used the looping feature of a server-side
language category listing page, in JSP, PHP or whatever, to create
external JS files that document.write() out options for a drop down
menu on other pages. The server grabs all the necessary info from the
database table, and the JSP page will print out the proper JS for you.

You're external script src tag could look like this, then:

<script src="/mypath/category.jsp?id=12345"
type="text/javascript"></script>
Thus, you sort of have dynamic javascript.

 

[Hywel Jenkins]

http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7252&lngWI
d=4

"Prevent unauthorized viewing of website javascript and style sheet files.
Simply rename all your style and javascript files to the .asp extension."

However, they're still in the browser's cache.

There's more to it that just renaming your files. I just tested it, and
the browser simply displays the JavaScript source:
http://www50.brinkster.com/hyweljenkins/asptest.asp

 

[Michael Winter]

[snip]

AFAIK, any extension will work.

Of course. Browsers shouldn't care about extensions, only the MIME type
sent by the server (though we know that isn't always the case). However,
the server will care about the extension as that's used to determine the
file type and hence the MIME type sent. Using an extension associated with
a different type probably isn't a good idea. At least with server-side
languages you can send your own Content-Type header.

In fact, ASP developers often assign ".asp" as the extension which
"hides" the source of the script; that is, a visitor can't load the
source code as a page by typing in the URL of the include.

The only "solution" I can think of at the moment along those lines is to
check the Referer [sic] header and make sure that it contains the domain
for the site. However, relying on an optional header[1] is a stupid thing
to do.

Mike


[1] Users can usually prevent the inclusion of the Referer header as a
privacy option.

 

[McKirahan]

[snip]

AFAIK, any extension will work.

Of course. Browsers shouldn't care about extensions, only the MIME type
sent by the server (though we know that isn't always the case). However,
the server will care about the extension as that's used to determine the
file type and hence the MIME type sent. Using an extension associated with
a different type probably isn't a good idea. At least with server-side
languages you can send your own Content-Type header.

In fact, ASP developers often assign ".asp" as the extension which
"hides" the source of the script; that is, a visitor can't load the
source code as a page by typing in the URL of the include.

The only "solution" I can think of at the moment along those lines is to
check the Referer [sic] header and make sure that it contains the domain
for the site. However, relying on an optional header[1] is a stupid thing
to do.

Mike


[1] Users can usually prevent the inclusion of the Referer header as a
privacy option.

Thanks for reminding me.

Here's what I used a few years ago:

<%
If Request.ServerVariables("HTTP_HOST") <> "localhost" Then
If Trim(Request.ServerVariables("HTTP_REFERER")) = "" Then

Response.Write("<html><head><title>Failed</title></head><body></body></html>
")
Response.End
End If
End If
%>

This was at the beginning of JavaScript "include" files with an ".asp"
extension.

I stopped using it because Norton's Firewall blocks the HTTP_REFERER.