398,769 Members | 1,970 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 398,769 IT Pros & Developers. It's quick & easy.

<script src="foo.HTML" type="text/javascript"> ???

David D.
P: n/a
Does the file extension matter when including a JavaScript file in an HTML
page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as
<script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?

- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My web site
host uses a web-based HTML editor. Unfortunately it only allows you to edit
files that have .HTM or .HTML extensions.


Jul 23 '05 #1
Share this Question
Share on Google+
9 Replies


McKirahan
P: n/a
"David D." <daviddiamond.remove-if-not-spam@comcast.net> wrote in message
news:x9idnQ6c8MsDZW3cRVn-3Q@comcast.com...
Does the file extension matter when including a JavaScript file in an HTML
page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as
<script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?

- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My web site host uses a web-based HTML editor. Unfortunately it only allows you to edit files that have .HTM or .HTML extensions.


AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
as the extension which "hides" the source of the script; that is, a visitor
can't load the source code as a page by typing in the URL of the include.
Jul 23 '05 #2

Hywel Jenkins
P: n/a
In article <7oudnZ5Jp_PqnGzcRVn-oQ@comcast.com>, News@McKirahan.com
says...
"David D." <daviddiamond.remove-if-not-spam@comcast.net> wrote in message
news:x9idnQ6c8MsDZW3cRVn-3Q@comcast.com...
Does the file extension matter when including a JavaScript file in an HTML
page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as
<script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?

- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My web

site
host uses a web-based HTML editor. Unfortunately it only allows you to

edit
files that have .HTM or .HTML extensions.


AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
as the extension which "hides" the source of the script; that is, a visitor
can't load the source code as a page by typing in the URL of the include.


Does that hide any client-side code. Surely the ASP engine only parses
any code that's in the ASP delimiters. Got a demo URL of this
behaviour?

--
Hywel http://kibo.org.uk/
I do not eat quiche.
Jul 23 '05 #3

Dietmar Meier
P: n/a
David D. wrote:
However, I have found that I can use an alternate file extension,
such as <script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other
browsers?


It will work on old Netscape browsers (3.x) only if the web server
sends the correct MIME type "application/x-javascript". Maybe the
execution in other browsers does also depend on the sent MIME type,
but in MSIE 4+, Netscape 4+, and Mozilla/Firefox it certainly does
not.

ciao, dhgm
Jul 23 '05 #4

McKirahan
P: n/a
"Hywel Jenkins" <hyweljenkins@hotmail.com> wrote in message
news:MPG.1c5b15d31bc749f989792@news.individual.net ...
In article <7oudnZ5Jp_PqnGzcRVn-oQ@comcast.com>, News@McKirahan.com
says...
"David D." <daviddiamond.remove-if-not-spam@comcast.net> wrote in message news:x9idnQ6c8MsDZW3cRVn-3Q@comcast.com...
Does the file extension matter when including a JavaScript file in an HTML page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as <script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?
- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My
web site
host uses a web-based HTML editor. Unfortunately it only allows you
to edit
files that have .HTM or .HTML extensions.
AFAIK, any extension will work. In fact, ASP developers often assign ".asp" as the extension which "hides" the source of the script; that is, a visitor can't load the source code as a page by typing in the URL of the

include.
Does that hide any client-side code. Surely the ASP engine only parses
any code that's in the ASP delimiters. Got a demo URL of this
behaviour?

--
Hywel http://kibo.org.uk/
I do not eat quiche.

http://www.planetsourcecode.com/vb/s...eId=7252&lngWI
d=4

"Prevent unauthorized viewing of website javascript and style sheet files.
Simply rename all your style and javascript files to the .asp extension."

However, they're still in the browser's cache.
I can't remember but here's a skeleton of it:

<< includer.asp >>

<% Const cASP = "includer.asp" %>
<html>
<head>
<title><%=cASP%></title>
</head>
<body>
<script type="text/javascript" src="included.asp"></script>
</body>
</html>
<< included.asp >>

<% {something} %>
document.write("included.asp");
Perhaps I should just say "Nevermind!" as I'm not sure anymore.

Maybe someone else will jump in...
Jul 23 '05 #5

David Given
P: n/a
McKirahan wrote:
[...]
I can't remember but here's a skeleton of it:


Can you point us at an example that actually uses this? Because I can't see
how this can possibly work.

In order for your web browser to execute the Javascript code, it has to be
downloaded, which means anything can download it.

--
+- David Given --McQ-+ "I must have spent at least ten minutes out of my
| dg@cowlark.com | life talking to this joker like he was a sane
| (dg@tao-group.com) | person. I want a refund." --- Louann Miller, on
+- www.cowlark.com --+ rasfw

Jul 23 '05 #6

Spats30
P: n/a
Any modern browser doesn't care what the extention is. Just be sure to
keep the type="text/javascript" attribute in the script tag, so that
the browser knows what it expects.

In E-commerce, I have often used the looping feature of a server-side
language category listing page, in JSP, PHP or whatever, to create
external JS files that document.write() out options for a drop down
menu on other pages. The server grabs all the necessary info from the
database table, and the JSP page will print out the proper JS for you.

You're external script src tag could look like this, then:

<script src="/mypath/category.jsp?id=12345"
type="text/javascript"></script>
Thus, you sort of have dynamic javascript.

Jul 23 '05 #7

Hywel Jenkins
P: n/a
In article <xsmdnbdQ9oHbjWzcRVn-2A@comcast.com>, News@McKirahan.com
says...
"Hywel Jenkins" <hyweljenkins@hotmail.com> wrote in message
news:MPG.1c5b15d31bc749f989792@news.individual.net ...
In article <7oudnZ5Jp_PqnGzcRVn-oQ@comcast.com>, News@McKirahan.com
says...
"David D." <daviddiamond.remove-if-not-spam@comcast.net> wrote in message news:x9idnQ6c8MsDZW3cRVn-3Q@comcast.com...
> Does the file extension matter when including a JavaScript file in an HTML > page?
>
> Normally, one would include a JavaScript file in an HTML page using
> <script src="foo.JS" type="text/javascript">
>
> However, I have found that I can use an alternate file extension, such as > <script src="foo.HTML" type="text/javascript">
>
> It works fine with my IE 6 and Mozilla. Will it work with other browsers? >
> - David D.
>
> P.S., Why, you may ask, would I want to do such a crazy thing? My web site
> host uses a web-based HTML editor. Unfortunately it only allows you to edit
> files that have .HTM or .HTML extensions.

AFAIK, any extension will work. In fact, ASP developers often assign ".asp" as the extension which "hides" the source of the script; that is, a visitor can't load the source code as a page by typing in the URL of the

include.

Does that hide any client-side code. Surely the ASP engine only parses
any code that's in the ASP delimiters. Got a demo URL of this
behaviour?

--
Hywel http://kibo.org.uk/
I do not eat quiche.

http://www.planetsourcecode.com/vb/s...eId=7252&lngWI
d=4

"Prevent unauthorized viewing of website javascript and style sheet files.
Simply rename all your style and javascript files to the .asp extension."

However, they're still in the browser's cache.


There's more to it that just renaming your files. I just tested it, and
the browser simply displays the JavaScript source:
http://www50.brinkster.com/hyweljenkins/asptest.asp

--
Hywel http://kibo.org.uk/
I do not eat quiche.
Jul 23 '05 #8

Michael Winter
P: n/a
On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <News@McKirahan.com> wrote:

[snip]
AFAIK, any extension will work.
Of course. Browsers shouldn't care about extensions, only the MIME type
sent by the server (though we know that isn't always the case). However,
the server will care about the extension as that's used to determine the
file type and hence the MIME type sent. Using an extension associated with
a different type probably isn't a good idea. At least with server-side
languages you can send your own Content-Type header.
In fact, ASP developers often assign ".asp" as the extension which
"hides" the source of the script; that is, a visitor can't load the
source code as a page by typing in the URL of the include.


The only "solution" I can think of at the moment along those lines is to
check the Referer [sic] header and make sure that it contains the domain
for the site. However, relying on an optional header[1] is a stupid thing
to do.

Mike
[1] Users can usually prevent the inclusion of the Referer header as a
privacy option.

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #9

McKirahan
P: n/a
"Michael Winter" <M.Winter@blueyonder.co.invalid> wrote in message
news:opsky0l7g8x13kvk@atlantis...
On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <News@McKirahan.com> wrote:

[snip]
AFAIK, any extension will work.


Of course. Browsers shouldn't care about extensions, only the MIME type
sent by the server (though we know that isn't always the case). However,
the server will care about the extension as that's used to determine the
file type and hence the MIME type sent. Using an extension associated with
a different type probably isn't a good idea. At least with server-side
languages you can send your own Content-Type header.
In fact, ASP developers often assign ".asp" as the extension which
"hides" the source of the script; that is, a visitor can't load the
source code as a page by typing in the URL of the include.


The only "solution" I can think of at the moment along those lines is to
check the Referer [sic] header and make sure that it contains the domain
for the site. However, relying on an optional header[1] is a stupid thing
to do.

Mike
[1] Users can usually prevent the inclusion of the Referer header as a
privacy option.

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.


Thanks for reminding me.

Here's what I used a few years ago:

<%
If Request.ServerVariables("HTTP_HOST") <> "localhost" Then
If Trim(Request.ServerVariables("HTTP_REFERER")) = "" Then

Response.Write("<html><head><title>Failed</title></head><body></body></html>
")
Response.End
End If
End If
%>

This was at the beginning of JavaScript "include" files with an ".asp"
extension.

I stopped using it because Norton's Firewall blocks the HTTP_REFERER.
Jul 23 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.