Closed Bug 229341 Opened 21 years ago Closed 20 years ago

JavaScript nogo when used as an external script

Categories

(Core :: DOM: HTML Parser, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 68193

People

(Reporter: artooro, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7a) Gecko/20031223 Firebird/0.7+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7a) Gecko/20031223 Firebird/0.7+

The JavaScript located at http://acal.awiebe.com/Demo1.5/date.js does not work
when used on a web page using <script type="JavaScript" src="../date.js"></script>
But when the script is embeded right in the web page it works. This doesn't make
any sense to me.

Reproducible: Always

Steps to Reproduce:
1. Go to the test url above
2. There is a small vertical line and div with nothing inside because the
JavaScript doesn't work

Actual Results:  
No date where it should be.

Expected Results:  
The date shoud have appeared.

I was surprised that no bug like this has been filed yet, if there is than
sorry. I couldn't find any.
Do you really want *any* external javascript to access the resources of your
computer?

http://www.mozilla.org/projects/security/components/reviewguide.html
http://www.mozilla.org/js/scripting/
That server times out for me for both the HTML and the JS.  Is there a site
that's actually reachable that shows the problem?
My server is down. I can't get it back up for now since it's in another city so I took the url away. 
Sorry about this. I'll see if I can get another test case up on another server.
How can this be a security issue? The web page accessing the date from my computer?
It's not at all a security issue.  Please ignore comment 1.

The bug here is that the page is using a script type that Mozilla does not
recognize.  The "type" attribute should be the MIME type of the script, not the
scripting language (which is what the "language" attribute is for).  Since the
type of the script is not recognized, the script is not executed.  Which is correct.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
ok, I forgot that I was supposed to put the MIME type as the value of the type attribute. So I did 
now. I used <script type="text/javascript"></script>
But it still doesn't work.
Yes, but now you're calling document.write in a non-HTML document (the MIME type
your server sends is application/xhtml+xml).  document.write is not supported in
XML and probably never will be...  The JS console reports the error for this, if
you look there.
Sorry, But I didn't get that comment. My server sends out text/html for .shtml pages, I just checked 
to make sure. It seems that Mozilla just assumes that it's application/xhtml+xml because the page 
is standards compliant. Maybe I should break it and do something in the page that's not valid, and 
see if it works? Or change the doctype to HTML 4.01 instead of XHTML 1.0.
No, that's NOT what your server sends.  Here is a typical interaction with your
server (via telnet to port 80):

~% telnet acal.awiebe.com 80
Trying 216.99.108.26...
Connected to jakek26.nerdsonline.com (216.99.108.26).
Escape character is '^]'.
GET /Demo1.5/2005/January.shtml HTTP/1.1
Accept: text/html, application/xhtml+xml
Host: acal.awiebe.com

HTTP/1.1 200 OK
Date: Wed, 24 Dec 2003 22:05:43 GMT
Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux)
Vary: Accept
Transfer-Encoding: chunked
Content-Type: application/xhtml+xml

Note what the "Content-Type" header in the response is.

I'm not sure how you did your checking, but the server is most definitely not
sending text/html for this page.

Note that having "application/xhtml+xml" in the Accept header here is key; if
the client does not send that, the server indeed returns text/html for this page.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

*** This bug has been marked as a duplicate of 68193 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.