«

Does the file extension matter when including a JavaScript file in an HTML
page?

Normally, one would include a JavaScript file in an HTML page using
<script src="foo.JS" type="text/javascript">

However, I have found that I can use an alternate file extension, such as
<script src="foo.HTML" type="text/javascript">

It works fine with my IE 6 and Mozilla. Will it work with other browsers?

- David D.

P.S., Why, you may ask, would I want to do such a crazy thing? My web site
host uses a web-based HTML editor. Unfortunately it only allows you to edit
files that have .HTM or .HTML extensions.

"David D." <daviddiamond.remove-if-not-> wrote in message
news9idnQ6c8MsDZW3cRVn-...
> Does the file extension matter when including a JavaScript file in an HTML
> page?
>
> Normally, one would include a JavaScript file in an HTML page using
> <script src="foo.JS" type="text/javascript">
>
> However, I have found that I can use an alternate file extension, such as
> <script src="foo.HTML" type="text/javascript">
>
> It works fine with my IE 6 and Mozilla. Will it work with other browsers?
>
> - David D.
>
> P.S., Why, you may ask, would I want to do such a crazy thing? My web
site
> host uses a web-based HTML editor. Unfortunately it only allows you to
edit
> files that have .HTM or .HTML extensions.

AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
as the extension which "hides" the source of the script; that is, a visitor
can't load the source code as a page by typing in the URL of the include.

In article <7oudnZ5Jp_PqnGzcRVn->,
says...
> "David D." <daviddiamond.remove-if-not-> wrote in message
> news9idnQ6c8MsDZW3cRVn-...
> > Does the file extension matter when including a JavaScript file in an HTML
> > page?
> >
> > Normally, one would include a JavaScript file in an HTML page using
> > <script src="foo.JS" type="text/javascript">
> >
> > However, I have found that I can use an alternate file extension, such as
> > <script src="foo.HTML" type="text/javascript">
> >
> > It works fine with my IE 6 and Mozilla. Will it work with other browsers?
> >
> > - David D.
> >
> > P.S., Why, you may ask, would I want to do such a crazy thing? My web
> site
> > host uses a web-based HTML editor. Unfortunately it only allows you to
> edit
> > files that have .HTM or .HTML extensions.
>
> AFAIK, any extension will work. In fact, ASP developers often assign ".asp"
> as the extension which "hides" the source of the script; that is, a visitor
> can't load the source code as a page by typing in the URL of the include.

Does that hide any client-side code. Surely the ASP engine only parses
any code that's in the ASP delimiters. Got a demo URL of this
behaviour?

--
Hywel http://kibo.org.uk/
I do not eat quiche.

David D. wrote:

> However, I have found that I can use an alternate file extension,
> such as <script src="foo.HTML" type="text/javascript">
>
> It works fine with my IE 6 and Mozilla. Will it work with other
> browsers?

It will work on old Netscape browsers (3.x) only if the web server
sends the correct MIME type "application/x-javascript". Maybe the
execution in other browsers does also depend on the sent MIME type,
but in MSIE 4+, Netscape 4+, and Mozilla/Firefox it certainly does
not.

ciao, dhgm

"Hywel Jenkins" <> wrote in message
news: ...
> In article <7oudnZ5Jp_PqnGzcRVn->,
> says...
> > "David D." <daviddiamond.remove-if-not-> wrote in
message
> > news9idnQ6c8MsDZW3cRVn-...
> > > Does the file extension matter when including a JavaScript file in an
HTML
> > > page?
> > >
> > > Normally, one would include a JavaScript file in an HTML page using
> > > <script src="foo.JS" type="text/javascript">
> > >
> > > However, I have found that I can use an alternate file extension, such
as
> > > <script src="foo.HTML" type="text/javascript">
> > >
> > > It works fine with my IE 6 and Mozilla. Will it work with other
browsers?
> > >
> > > - David D.
> > >
> > > P.S., Why, you may ask, would I want to do such a crazy thing? My
web
> > site
> > > host uses a web-based HTML editor. Unfortunately it only allows you
to
> > edit
> > > files that have .HTM or .HTML extensions.
> >
> > AFAIK, any extension will work. In fact, ASP developers often assign
".asp"
> > as the extension which "hides" the source of the script; that is, a
visitor
> > can't load the source code as a page by typing in the URL of the
include.
>
> Does that hide any client-side code. Surely the ASP engine only parses
> any code that's in the ASP delimiters. Got a demo URL of this
> behaviour?
>
> --
> Hywel http://kibo.org.uk/
> I do not eat quiche.


http://www.planetsourcecode.com/vb/s...eId=7252&lngWI
d=4

"Prevent unauthorized viewing of website javascript and style sheet files.
Simply rename all your style and javascript files to the .asp extension."

However, they're still in the browser's cache.


I can't remember but here's a skeleton of it:

<< includer.asp >>

<% Const cASP = "includer.asp" %>
<html>
<head>
<title><%=cASP%></title>
</head>
<body>
<script type="text/javascript" src="included.asp"></script>
</body>
</html>


<< included.asp >>

<% {something} %>
document.write("included.asp");


Perhaps I should just say "Nevermind!" as I'm not sure anymore.

Maybe someone else will jump in...

Any modern browser doesn't care what the extention is. Just be sure to
keep the type="text/javascript" attribute in the script tag, so that
the browser knows what it expects.

In E-commerce, I have often used the looping feature of a server-side
language category listing page, in JSP, PHP or whatever, to create
external JS files that document.write() out options for a drop down
menu on other pages. The server grabs all the necessary info from the
database table, and the JSP page will print out the proper JS for you.

You're external script src tag could look like this, then:

<script src="/mypath/category.jsp?id=12345"
type="text/javascript"></script>
Thus, you sort of have dynamic javascript.

In article <xsmdnbdQ9oHbjWzcRVn->,
says...
> "Hywel Jenkins" <> wrote in message
> news: ...
> > In article <7oudnZ5Jp_PqnGzcRVn->,
> > says...
> > > "David D." <daviddiamond.remove-if-not-> wrote in
> message
> > > news9idnQ6c8MsDZW3cRVn-...
> > > > Does the file extension matter when including a JavaScript file in an
> HTML
> > > > page?
> > > >
> > > > Normally, one would include a JavaScript file in an HTML page using
> > > > <script src="foo.JS" type="text/javascript">
> > > >
> > > > However, I have found that I can use an alternate file extension, such
> as
> > > > <script src="foo.HTML" type="text/javascript">
> > > >
> > > > It works fine with my IE 6 and Mozilla. Will it work with other
> browsers?
> > > >
> > > > - David D.
> > > >
> > > > P.S., Why, you may ask, would I want to do such a crazy thing? My
> web
> > > site
> > > > host uses a web-based HTML editor. Unfortunately it only allows you
> to
> > > edit
> > > > files that have .HTM or .HTML extensions.
> > >
> > > AFAIK, any extension will work. In fact, ASP developers often assign
> ".asp"
> > > as the extension which "hides" the source of the script; that is, a
> visitor
> > > can't load the source code as a page by typing in the URL of the
> include.
> >
> > Does that hide any client-side code. Surely the ASP engine only parses
> > any code that's in the ASP delimiters. Got a demo URL of this
> > behaviour?
> >
> > --
> > Hywel http://kibo.org.uk/
> > I do not eat quiche.
>
>
> http://www.planetsourcecode.com/vb/s...eId=7252&lngWI
> d=4
>
> "Prevent unauthorized viewing of website javascript and style sheet files.
> Simply rename all your style and javascript files to the .asp extension."
>
> However, they're still in the browser's cache.

There's more to it that just renaming your files. I just tested it, and
the browser simply displays the JavaScript source:
http://www50.brinkster.com/hyweljenkins/asptest.asp

--
Hywel http://kibo.org.uk/
I do not eat quiche.

On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <> wrote:

[snip]

> AFAIK, any extension will work.

Of course. Browsers shouldn't care about extensions, only the MIME type
sent by the server (though we know that isn't always the case). However,
the server will care about the extension as that's used to determine the
file type and hence the MIME type sent. Using an extension associated with
a different type probably isn't a good idea. At least with server-side
languages you can send your own Content-Type header.

> In fact, ASP developers often assign ".asp" as the extension which
> "hides" the source of the script; that is, a visitor can't load the
> source code as a page by typing in the URL of the include.

The only "solution" I can think of at the moment along those lines is to
check the Referer [sic] header and make sure that it contains the domain
for the site. However, relying on an optional header[1] is a stupid thing
to do.

Mike


[1] Users can usually prevent the inclusion of the Referer header as a
privacy option.

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.

"Michael Winter" <> wrote in message
newspsky0l7g8x13kvk@atlantis...
> On Fri, 21 Jan 2005 07:21:20 -0600, McKirahan <> wrote:
>
> [snip]
>
> > AFAIK, any extension will work.
>
> Of course. Browsers shouldn't care about extensions, only the MIME type
> sent by the server (though we know that isn't always the case). However,
> the server will care about the extension as that's used to determine the
> file type and hence the MIME type sent. Using an extension associated with
> a different type probably isn't a good idea. At least with server-side
> languages you can send your own Content-Type header.
>
> > In fact, ASP developers often assign ".asp" as the extension which
> > "hides" the source of the script; that is, a visitor can't load the
> > source code as a page by typing in the URL of the include.
>
> The only "solution" I can think of at the moment along those lines is to
> check the Referer [sic] header and make sure that it contains the domain
> for the site. However, relying on an optional header[1] is a stupid thing
> to do.
>
> Mike
>
>
> [1] Users can usually prevent the inclusion of the Referer header as a
> privacy option.
>
> --
> Michael Winter
> Replace ".invalid" with ".uk" to reply by e-mail.

Thanks for reminding me.

Here's what I used a few years ago:

<%
If Request.ServerVariables("HTTP_HOST") <> "localhost" Then
If Trim(Request.ServerVariables("HTTP_REFERER")) = "" Then

Response.Write("<html><head><title>Failed</title></head><body></body></html>
")
Response.End
End If
End If
%>

This was at the beginning of JavaScript "include" files with an ".asp"
extension.

I stopped using it because Norton's Firewall blocks the HTTP_REFERER.