科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>http - What content-type's execute javascript in the browser? - Stack Overflow

    http - What content-type's execute javascript in the browser? - Stack Overflow

    programmeradmin1浏览0评论

    The page you are viewing right now has the HTTP header element of Content-type: text/html. HTML displayed normally and JavaScript will be executed. If you have a Content-Type: text/javascript then the JavaScript is not executed, it is only displayed.

    My question is: Are there content-type's other than text/html that will execute JavaScript? I wold like as plete of a list as possible for any mon browser (IE,Firefox,Chrome,Safari).

    The page you are viewing right now has the HTTP header element of Content-type: text/html. HTML displayed normally and JavaScript will be executed. If you have a Content-Type: text/javascript then the JavaScript is not executed, it is only displayed.

    My question is: Are there content-type's other than text/html that will execute JavaScript? I wold like as plete of a list as possible for any mon browser (IE,Firefox,Chrome,Safari).

    • javascript
    • http
    • browser
    Share Improve this question edited Jan 20, 2011 at 1:12 rook asked Jan 19, 2011 at 22:17 rookrook 67k38 gold badges166 silver badges246 bronze badges 6
    • 6 Maybe you mean which contents types are capable of making javascript execute? Because text/html doesn't execute jasvascript, the <script> tag within the document is one of the execution triggers. Keep in mind this list is potentially limitless when you consider browser plugins and extensions. – goat Commented Jan 19, 2011 at 22:24
    • @Rook Are you searching for an alternative? – Šime Vidas Commented Jan 19, 2011 at 22:38
    • @Šime Vidas @chris I need a list of all them, this is for QA purposes. – rook Commented Jan 19, 2011 at 22:39
    • @Rook Note that different browsers likely recognize different content types. I wouldn't be surprised if there is a big difference between IE and Safari (on Mac). Are you interested in a specific browser? – Šime Vidas Commented Jan 19, 2011 at 22:58
    • @Šime Vidas Any of the mon browsers. – rook Commented Jan 19, 2011 at 23:34
     |  Show 1 more ment

    5 Answers 5

    Reset to default 4

    I don't know of a full list, and it may well be that no such list exists publicly. You may have to find out for yourself. (Although I don't think anything speaks against setting up a test page with a number of iframes, and asking the SO munity to provide data with their respective browsers. It's been done before.)

    In Internet Explorer, this one should definitely be on the list:

    • application/hta for Hypertext Applications

    Candidates that I would test for (because it's conceivable a careless programmer might activate them for HTML parsing) include:

    • application/form-data
    • text/xhtml+xml (used to be proposed in 2000, no idea what happened to that)

    However, I tested those with both Chrome 9 and the latest Firefox, and they reject everything except text/html. Firefox shows them as downloadable resources instead, which I think eliminates them from your equation as any JS therein will be executed in the local context rather than the URL's. (IE is executing everything including text/plain for me, but I think that is a header mixup with my server.)

    If you want to go for hard-core sure for the Open Source browsers, check their source code or ask on their mailing lists/forums. I have a feeling the good ones have text/html hard-coded.

    Edit: Arrgh! Firefox, Chrome and IE parse HTML, and execute scripts, regardless of content type - I successfully managed to set Content-type: text/poppycock - when the resource's extension is .htm or .html. That means that you have to test not only for MIME types, but for file extensions (which should not play any role in HTTP) as well. Didn't know that - this was probably introduced to fix the output of broken web servers. Stuff like this is why I don't work in IT security :)

    All tests made on Windows 7.

    application/xhtml+xml would have to execute Javascript. That's the only one I can think of at the top of my head.

    This wouldn't be very useful. Javascript has no way to import other scripts, so your script would be isolated from libraries. The only way to tie them together is through HTML. Also, the input/output options are very limited without a document.

    PDF files can also execute javascript (application/pdf).

    Aswell as XML documents (application/xml), including SVG (image/svg+xml), for example:

    <?xml version="1.0" encoding="utf-8"?>
<document>
<script xmlns="http://www.w3/1999/xhtml" src="xml.js"></script>
</document>

    Have you tried application/javascript?

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论
    ok 不同模板 switch ($forum['model']) { /*case '0': include _include(APP_PATH . 'view/htm/read.htm'); break;*/ default: include _include(theme_load('read', $fid)); break; } } break; case '10': // 主题外链 / thread external link http_location(htmlspecialchars_decode(trim($thread['description']))); break; case '11': // 单页 / single page $attachlist = array(); $imagelist = array(); $thread['filelist'] = array(); $threadlist = NULL; $thread['files'] > 0 and list($attachlist, $imagelist, $thread['filelist']) = well_attach_find_by_tid($tid); $data = data_read_cache($tid); empty($data) and message(-1, lang('data_malformation')); $tidlist = $forum['threads'] ? page_find_by_fid($fid, $page, $pagesize) : NULL; if ($tidlist) { $tidarr = arrlist_values($tidlist, 'tid'); $threadlist = well_thread_find($tidarr, $pagesize); // 按之前tidlist排序 $threadlist = array2_sort_key($threadlist, $tidlist, 'tid'); } $allowpost = forum_access_user($fid, $gid, 'allowpost'); $allowupdate = forum_access_mod($fid, $gid, 'allowupdate'); $allowdelete = forum_access_mod($fid, $gid, 'allowdelete'); $access = array('allowpost' => $allowpost, 'allowupdate' => $allowupdate, 'allowdelete' => $allowdelete); $header['title'] = $thread['subject']; $header['mobile_link'] = $thread['url']; $header['keywords'] = $thread['keyword'] ? $thread['keyword'] : $thread['subject']; $header['description'] = $thread['description'] ? $thread['description'] : $thread['brief']; $_SESSION['fid'] = $fid; if ($ajax) { empty($conf['api_on']) and message(0, lang('closed')); $apilist['header'] = $header; $apilist['extra'] = $extra; $apilist['access'] = $access; $apilist['thread'] = well_thread_safe_info($thread); $apilist['thread_data'] = $data; $apilist['forum'] = $forum; $apilist['imagelist'] = $imagelist; $apilist['filelist'] = $thread['filelist']; $apilist['threadlist'] = $threadlist; message(0, $apilist); } else { include _include(theme_load('single_page', $fid)); } break; default: message(-1, lang('data_malformation')); break; } ?>