<script src="foo.HTML" type="text/javascript"> ???

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • David D.

    <script src="foo.HTML" type="text/javascript"> ???

    Does the file extension matter when including a JavaScript file in an HTML
    page?

    Normally, one would include a JavaScript file in an HTML page using
    <script src="foo.JS" type="text/javascript">

    However, I have found that I can use an alternate file extension, such as
    <script src="foo.HTML" type="text/javascript">

    It works fine with my IE 6 and Mozilla. Will it work with other browsers?

    - David D.

    P.S., Why, you may ask, would I want to do such a crazy thing? My web site
    host uses a web-based HTML editor. Unfortunately it only allows you to edit
    files that have .HTM or .HTML extensions.




  • McKirahan

    #2
    Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

    "David D." <daviddiamond.r emove-if-not-spam@comcast.ne t> wrote in message
    news:x9idnQ6c8M sDZW3cRVn-3Q@comcast.com. ..[color=blue]
    > Does the file extension matter when including a JavaScript file in an HTML
    > page?
    >
    > Normally, one would include a JavaScript file in an HTML page using
    > <script src="foo.JS" type="text/javascript">
    >
    > However, I have found that I can use an alternate file extension, such as
    > <script src="foo.HTML" type="text/javascript">
    >
    > It works fine with my IE 6 and Mozilla. Will it work with other browsers?
    >
    > - David D.
    >
    > P.S., Why, you may ask, would I want to do such a crazy thing? My web[/color]
    site[color=blue]
    > host uses a web-based HTML editor. Unfortunately it only allows you to[/color]
    edit[color=blue]
    > files that have .HTM or .HTML extensions.[/color]

    AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
    as the extension which "hides" the source of the script; that is, a visitor
    can't load the source code as a page by typing in the URL of the include.


    Comment

    • Hywel Jenkins

      #3
      Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

      In article <7oudnZ5Jp_PqnG zcRVn-oQ@comcast.com> , News@McKirahan. com
      says...[color=blue]
      > "David D." <daviddiamond.r emove-if-not-spam@comcast.ne t> wrote in message
      > news:x9idnQ6c8M sDZW3cRVn-3Q@comcast.com. ..[color=green]
      > > Does the file extension matter when including a JavaScript file in an HTML
      > > page?
      > >
      > > Normally, one would include a JavaScript file in an HTML page using
      > > <script src="foo.JS" type="text/javascript">
      > >
      > > However, I have found that I can use an alternate file extension, such as
      > > <script src="foo.HTML" type="text/javascript">
      > >
      > > It works fine with my IE 6 and Mozilla. Will it work with other browsers?
      > >
      > > - David D.
      > >
      > > P.S., Why, you may ask, would I want to do such a crazy thing? My web[/color]
      > site[color=green]
      > > host uses a web-based HTML editor. Unfortunately it only allows you to[/color]
      > edit[color=green]
      > > files that have .HTM or .HTML extensions.[/color]
      >
      > AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
      > as the extension which "hides" the source of the script; that is, a visitor
      > can't load the source code as a page by typing in the URL of the include.[/color]

      Does that hide any client-side code. Surely the ASP engine only parses
      any code that's in the ASP delimiters. Got a demo URL of this
      behaviour?

      --
      Hywel http://kibo.org.uk/
      I do not eat quiche.

      Comment

      • Dietmar Meier

        #4
        Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

        David D. wrote:
        [color=blue]
        > However, I have found that I can use an alternate file extension,
        > such as <script src="foo.HTML" type="text/javascript">
        >
        > It works fine with my IE 6 and Mozilla. Will it work with other
        > browsers?[/color]

        It will work on old Netscape browsers (3.x) only if the web server
        sends the correct MIME type "applicatio n/x-javascript". Maybe the
        execution in other browsers does also depend on the sent MIME type,
        but in MSIE 4+, Netscape 4+, and Mozilla/Firefox it certainly does
        not.

        ciao, dhgm

        Comment

        • McKirahan

          #5
          Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

          "Hywel Jenkins" <hyweljenkins@h otmail.com> wrote in message
          news:MPG.1c5b15 d31bc749f989792 @news.individua l.net...[color=blue]
          > In article <7oudnZ5Jp_PqnG zcRVn-oQ@comcast.com> , News@McKirahan. com
          > says...[color=green]
          > > "David D." <daviddiamond.r emove-if-not-spam@comcast.ne t> wrote in[/color][/color]
          message[color=blue][color=green]
          > > news:x9idnQ6c8M sDZW3cRVn-3Q@comcast.com. ..[color=darkred]
          > > > Does the file extension matter when including a JavaScript file in an[/color][/color][/color]
          HTML[color=blue][color=green][color=darkred]
          > > > page?
          > > >
          > > > Normally, one would include a JavaScript file in an HTML page using
          > > > <script src="foo.JS" type="text/javascript">
          > > >
          > > > However, I have found that I can use an alternate file extension, such[/color][/color][/color]
          as[color=blue][color=green][color=darkred]
          > > > <script src="foo.HTML" type="text/javascript">
          > > >
          > > > It works fine with my IE 6 and Mozilla. Will it work with other[/color][/color][/color]
          browsers?[color=blue][color=green][color=darkred]
          > > >
          > > > - David D.
          > > >
          > > > P.S., Why, you may ask, would I want to do such a crazy thing? My[/color][/color][/color]
          web[color=blue][color=green]
          > > site[color=darkred]
          > > > host uses a web-based HTML editor. Unfortunately it only allows you[/color][/color][/color]
          to[color=blue][color=green]
          > > edit[color=darkred]
          > > > files that have .HTM or .HTML extensions.[/color]
          > >
          > > AFAIK, any extension will work. In fact, ASP developers often assign[/color][/color]
          ".asp"[color=blue][color=green]
          > > as the extension which "hides" the source of the script; that is, a[/color][/color]
          visitor[color=blue][color=green]
          > > can't load the source code as a page by typing in the URL of the[/color][/color]
          include.[color=blue]
          >
          > Does that hide any client-side code. Surely the ASP engine only parses
          > any code that's in the ASP delimiters. Got a demo URL of this
          > behaviour?
          >
          > --
          > Hywel http://kibo.org.uk/
          > I do not eat quiche.[/color]



          d=4

          "Prevent unauthorized viewing of website javascript and style sheet files.
          Simply rename all your style and javascript files to the .asp extension."

          However, they're still in the browser's cache.


          I can't remember but here's a skeleton of it:

          << includer.asp >>

          <% Const cASP = "includer.a sp" %>
          <html>
          <head>
          <title><%=cASP% ></title>
          </head>
          <body>
          <script type="text/javascript" src="included.a sp"></script>
          </body>
          </html>


          << included.asp >>

          <% {something} %>
          document.write( "included.asp") ;


          Perhaps I should just say "Nevermind! " as I'm not sure anymore.

          Maybe someone else will jump in...


          Comment

          • David Given

            #6
            Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

            McKirahan wrote:
            [...][color=blue]
            > I can't remember but here's a skeleton of it:[/color]

            Can you point us at an example that actually uses this? Because I can't see
            how this can possibly work.

            In order for your web browser to execute the Javascript code, it has to be
            downloaded, which means anything can download it.

            --
            +- David Given --McQ-+ "I must have spent at least ten minutes out of my
            | dg@cowlark.com | life talking to this joker like he was a sane
            | (dg@tao-group.com) | person. I want a refund." --- Louann Miller, on
            +- www.cowlark.com --+ rasfw

            Comment

            • Spats30

              #7
              Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

              Any modern browser doesn't care what the extention is. Just be sure to
              keep the type="text/javascript" attribute in the script tag, so that
              the browser knows what it expects.

              In E-commerce, I have often used the looping feature of a server-side
              language category listing page, in JSP, PHP or whatever, to create
              external JS files that document.write( ) out options for a drop down
              menu on other pages. The server grabs all the necessary info from the
              database table, and the JSP page will print out the proper JS for you.

              You're external script src tag could look like this, then:

              <script src="/mypath/category.jsp?id =12345"
              type="text/javascript"></script>
              Thus, you sort of have dynamic javascript.

              Comment

              • Hywel Jenkins

                #8
                Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

                In article <xsmdnbdQ9oHbjW zcRVn-2A@comcast.com> , News@McKirahan. com
                says...[color=blue]
                > "Hywel Jenkins" <hyweljenkins@h otmail.com> wrote in message
                > news:MPG.1c5b15 d31bc749f989792 @news.individua l.net...[color=green]
                > > In article <7oudnZ5Jp_PqnG zcRVn-oQ@comcast.com> , News@McKirahan. com
                > > says...[color=darkred]
                > > > "David D." <daviddiamond.r emove-if-not-spam@comcast.ne t> wrote in[/color][/color]
                > message[color=green][color=darkred]
                > > > news:x9idnQ6c8M sDZW3cRVn-3Q@comcast.com. ..
                > > > > Does the file extension matter when including a JavaScript file in an[/color][/color]
                > HTML[color=green][color=darkred]
                > > > > page?
                > > > >
                > > > > Normally, one would include a JavaScript file in an HTML page using
                > > > > <script src="foo.JS" type="text/javascript">
                > > > >
                > > > > However, I have found that I can use an alternate file extension, such[/color][/color]
                > as[color=green][color=darkred]
                > > > > <script src="foo.HTML" type="text/javascript">
                > > > >
                > > > > It works fine with my IE 6 and Mozilla. Will it work with other[/color][/color]
                > browsers?[color=green][color=darkred]
                > > > >
                > > > > - David D.
                > > > >
                > > > > P.S., Why, you may ask, would I want to do such a crazy thing? My[/color][/color]
                > web[color=green][color=darkred]
                > > > site
                > > > > host uses a web-based HTML editor. Unfortunately it only allows you[/color][/color]
                > to[color=green][color=darkred]
                > > > edit
                > > > > files that have .HTM or .HTML extensions.
                > > >
                > > > AFAIK, any extension will work. In fact, ASP developers often assign[/color][/color]
                > ".asp"[color=green][color=darkred]
                > > > as the extension which "hides" the source of the script; that is, a[/color][/color]
                > visitor[color=green][color=darkred]
                > > > can't load the source code as a page by typing in the URL of the[/color][/color]
                > include.[color=green]
                > >
                > > Does that hide any client-side code. Surely the ASP engine only parses
                > > any code that's in the ASP delimiters. Got a demo URL of this
                > > behaviour?
                > >
                > > --
                > > Hywel http://kibo.org.uk/
                > > I do not eat quiche.[/color]
                >
                >
                > http://www.planetsourcecode.com/vb/s...eId=7252&lngWI
                > d=4
                >
                > "Prevent unauthorized viewing of website javascript and style sheet files.
                > Simply rename all your style and javascript files to the .asp extension."
                >
                > However, they're still in the browser's cache.[/color]

                There's more to it that just renaming your files. I just tested it, and
                the browser simply displays the JavaScript source:


                --
                Hywel http://kibo.org.uk/
                I do not eat quiche.

                Comment

                • Michael Winter

                  #9
                  Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

                  On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <News@McKirahan .com> wrote:

                  [snip]
                  [color=blue]
                  > AFAIK, any extension will work.[/color]

                  Of course. Browsers shouldn't care about extensions, only the MIME type
                  sent by the server (though we know that isn't always the case). However,
                  the server will care about the extension as that's used to determine the
                  file type and hence the MIME type sent. Using an extension associated with
                  a different type probably isn't a good idea. At least with server-side
                  languages you can send your own Content-Type header.
                  [color=blue]
                  > In fact, ASP developers often assign ".asp" as the extension which
                  > "hides" the source of the script; that is, a visitor can't load the
                  > source code as a page by typing in the URL of the include.[/color]

                  The only "solution" I can think of at the moment along those lines is to
                  check the Referer [sic] header and make sure that it contains the domain
                  for the site. However, relying on an optional header[1] is a stupid thing
                  to do.

                  Mike


                  [1] Users can usually prevent the inclusion of the Referer header as a
                  privacy option.

                  --
                  Michael Winter
                  Replace ".invalid" with ".uk" to reply by e-mail.

                  Comment

                  • McKirahan

                    #10
                    Re: &lt;script src=&quot;foo.H TML&quot; type=&quot;text/javascript&quot ;&gt; ???

                    "Michael Winter" <M.Winter@bluey onder.co.invali d> wrote in message
                    news:opsky0l7g8 x13kvk@atlantis ...[color=blue]
                    > On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <News@McKirahan .com> wrote:
                    >
                    > [snip]
                    >[color=green]
                    > > AFAIK, any extension will work.[/color]
                    >
                    > Of course. Browsers shouldn't care about extensions, only the MIME type
                    > sent by the server (though we know that isn't always the case). However,
                    > the server will care about the extension as that's used to determine the
                    > file type and hence the MIME type sent. Using an extension associated with
                    > a different type probably isn't a good idea. At least with server-side
                    > languages you can send your own Content-Type header.
                    >[color=green]
                    > > In fact, ASP developers often assign ".asp" as the extension which
                    > > "hides" the source of the script; that is, a visitor can't load the
                    > > source code as a page by typing in the URL of the include.[/color]
                    >
                    > The only "solution" I can think of at the moment along those lines is to
                    > check the Referer [sic] header and make sure that it contains the domain
                    > for the site. However, relying on an optional header[1] is a stupid thing
                    > to do.
                    >
                    > Mike
                    >
                    >
                    > [1] Users can usually prevent the inclusion of the Referer header as a
                    > privacy option.
                    >
                    > --
                    > Michael Winter
                    > Replace ".invalid" with ".uk" to reply by e-mail.[/color]

                    Thanks for reminding me.

                    Here's what I used a few years ago:

                    <%
                    If Request.ServerV ariables("HTTP_ HOST") <> "localhost" Then
                    If Trim(Request.Se rverVariables(" HTTP_REFERER")) = "" Then

                    Response.Write( "<html><head><t itle>Failed</title></head><body></body></html>
                    ")
                    Response.End
                    End If
                    End If
                    %>

                    This was at the beginning of JavaScript "include" files with an ".asp"
                    extension.

                    I stopped using it because Norton's Firewall blocks the HTTP_REFERER.


                    Comment

                    Working...