I am trying to refer a external javascript file by calling a function in that file as
<script type="text/javascript" src="external.js">
display('hell0');
</script>
But this code is not working. If i refer the file in separdate script tag it works fine.
<script type="text/javascript" src="external.js"></script>
<script type="text/javascript">
display('hell0');
</script>
Why the first case is not working?
If you use the src attribute to specify an external javascript file to be included you cannot have contents to this script tag. The second case is the correct way.
Quote from the specification:
The script may be defined within the
contents of the SCRIPT element or in
an external file. If the src attribute
is not set, user agents must interpret
the contents of the element as the
script. If the src has a URI value,
user agents must ignore the element's
contents and retrieve the script via
the URI
Related
I was wondering about the syntax of running external .js files, when you do it normally you just do
<script src=http://www.example.com/javascript.js></script>
but when running code in chrome (through the url bar), where the syntax is:
javascript:javascriptcodegoeshere
The <script> tags aren't included, so how can you launch a js file through using that?
You have four options.
You can put the actual code in the <script> block.
<script>
javascriptcodegoeshere
</script>
You can save the code in a file and refer to it.
<script src="http://www.example.com/javascript.js"></script>
You can put it as a data URL.
<script src="data:text/javascript,javascriptcodegoesgere"></script>
You can put it in a link if you want the user to launch the code.
link
I want to run a Javascript file in my page. If I embed it as a script inside of the HTML, it works. I mean, the following code works fine:
<html>
<script>
...
</script>
</html>
But when I reference an URL source (with the src attribute), it doesn't work:
<html>
<script type="text/javascript"
src="https://s3-sa-east-1.amazonaws.com/XXXXX/myJavascript.js">
</script>
</html>
When I put the URL in my browser, the code is displayed.
EDIT: Do I need some especial configuration in the Amazon S3 Servers in order to work with my Javascript files??? I just uploaded it and marked it as public resources, but I did nothing more.
I am trying to understand how to include JavaScript externally so the code prints to the page.
When I insert the JavaScript directly into the page code, it prints "hello"
<html>
<head>
<title></title>
</head>
<body>
<script type="text/javascript">document.write("hello");</script>
</body>
</html>
However, when I put that same code into external file say "javascript.js" and include it (src) in the html it does not print "hello"?
<html>
<head>
<title></title>
<script type="text/javascript" src="http://thewebsite.com/javascript.js"></script>
</head>
<body>
</body>
</html>
I am trying to understand how to get that external JavaScript file to run and print "hello".
How does XSS work then if a hacker was to include the following tag inside say a textarea to call his malicious script from malicious server?
<script type="text/javascript" src="http://thewebsite.com/javascript.js"></script>
Heres whats in the "javascript.js" file:
<script type="text/javascript">
document.write("hello");
</script>
The file is on the same domain so Same Origin Policy should not apply here and as mentioned if I directly insert code it does work but not when I try to include as separate file.
I thought including JavaScript as external file, should print the contents of the external file (i.e. "hello" in this case) as if it was directly inserted in html page?
When I insert the JavaScript directly into the page code, it prints "hello"
Correct
However, when I put that same code into external file say "javascript.js" and include it (src) in the html it does not print "hello"?
If the content isn't being written then, presumably, an error is being thrown instead. Check the error console for your browser.
The problem is that you are including the HTML script tags in the JavaScript file. JavaScript files should contain only JavaScript.
The file is on the same domain so Same Origin Policy should not apply here
It doesn't. The Same Origin Policy just prevents JavaScript running (not loaded from) Origin A from reading data from Origin B. Since the data is included in the script itself, it would still be available, even if the script was loaded from Origin B.
I guess there is a policy enforced by browsers called Same Origin Policy which makes sure that JS from different domains does not access each others data when loaded in a single page. Lets say that you have a Google Ad and it has some Javascript in it. It wouldn't be advisable if the script in Google Ads be able to access the data in your site (Vice-Versa but ofcourse you always have Google Ads or the Like button as iFrame and hence anyways they are most neatly seperated.)
If you could load the js file as a src to image file then I suppose you can achieve what you intend to.(If I am not wrong.)
Edit: The javascript file cannot be given as input to the src of img tag. You can only use it as javascript: scheme.
On an HTML page I have a reference to an external Javascript file like this:
<script src="http://MyServer.com/js/myscript.js?Happy=True"></script>
Inside the myscript.js when it runs, can I get the Happy=True QueryString-like part of the js source URL?
Note I do not want the URL of the HTML page, I need to get the URL of the js file.
My Guess is no.
You will be able to detect the src-attribute of the script-element(would be easier to locate if the <script> has an ID). Out of that URL you could extract the Query-String.
I insert an external .js file from another domain. Like this:
<script src="http://externaldomain.com/file.js" type="text/javascript"></script>
file.js is always the same, but it can be placed in different domains,
so I need to know what is the source of the file.
For example: file.js is in domain1.com, domain2.com and domain3.com.
If someone insert it like this: <script src="http://domain1.com/file.js" type="text/javascript"></script>
I want to know that the file is inserted from domain1.com
How to do it?
There's no reliable way of achieving this. Basically inside this file you will need to parse the DOM, search for all the <script> tags and when you find the one that corresponds to the inclusion of this javascript file parse the src attribute to extract the domain.