什么内容类型的在浏览器中的JavaScript执行？ [英] What content-type's execute javascript in the browser?

问题描述

您现在正在查看的页面有的内容类型的HTTP标头元素：text / html的。 HTML正常显示和JavaScript将被执行。如果你有一个内容类型：text / JavaScript的那么的JavaScript的不执行，它只是显示。

The page you are viewing right now has the HTTP header element of Content-type: text/html. HTML displayed normally and JavaScript will be executed. If you have a Content-Type: text/javascript then the JavaScript is not executed, it is only displayed.

我的问题是：是否有内容类型的比的text / html ，将执行JavaScript等？我喜欢尔德作为完整列表，尽可能为所有常见的浏览器（IE，火狐，Chrome，Safari浏览器）。

My question is: Are there content-type's other than text/html that will execute JavaScript? I wold like as complete of a list as possible for any common browser (IE,Firefox,Chrome,Safari).

推荐答案

我不知道的完整列表，并且很可能是因为没有这样的清单对公众存在。您可能必须找出自己。 （虽然我不认为有什么讲反对建立一个测试页面与一些内部框架，并要求SO社会提供的数据各自的浏览器。它已经做过的事情。）

I don't know of a full list, and it may well be that no such list exists publicly. You may have to find out for yourself. (Although I don't think anything speaks against setting up a test page with a number of iframes, and asking the SO community to provide data with their respective browsers. It's been done before.)

在Internet Explorer中，这个绝对应该在名单上：

In Internet Explorer, this one should definitely be on the list:

• 应用程序/ HTA 的的超文本应用程序

• application/hta for Hypertext Applications

考生，我会测试（因为这是可以想象一个不小心程序员可能激活它们的HTML解析）包括：

Candidates that I would test for (because it's conceivable a careless programmer might activate them for HTML parsing) include:

• 应用程序/ form-data的


• 文本/ xhtml + xml （以前是的建议在2000年，不知道发生了什么事了）

• application/form-data
• text/xhtml+xml (used to be proposed in 2000, no idea what happened to that)

不过，我测试过这些与铬9和最新的Firefox两者，他们拒绝除的text / html 的一切。火狐显示它们作为可下载的资源，而不是，我想从您的方程消除了他们作为任何JS内将在当地的环境，而不是URL的执行。 （IE正在执行的一切，包括text / plain的我，但我认为这是一个标题查询股价与我的服务器。）

However, I tested those with both Chrome 9 and the latest Firefox, and they reject everything except text/html. Firefox shows them as downloadable resources instead, which I think eliminates them from your equation as any JS therein will be executed in the local context rather than the URL's. (IE is executing everything including text/plain for me, but I think that is a header mixup with my server.)

如果你想要去的铁杆确保了开放源码的浏览器，检查它们的源$ C ​​$ C或询问他们的邮件列表/论坛。我有一种感觉的好的有的text / html 硬件codeD。

If you want to go for hard-core sure for the Open Source browsers, check their source code or ask on their mailing lists/forums. I have a feeling the good ones have text/html hard-coded.

编辑：Arrgh ！火狐，Chrome和IE浏览器解析HTML和执行脚本，而不管内容类型的 - 我成功地设法将内容类型：文本/胡说 - 当资源的扩展为.htm或.html 。这意味着，你必须测试不仅为MIME类型，但对于文件扩展名（这不应该在HTTP起到任何作用），以及。不知道 - 这可能是引入破镜重圆Web服务器的输出。像这样的东西就是为什么我不从事IT安全:)

Arrgh! Firefox, Chrome and IE parse HTML, and execute scripts, regardless of content type - I successfully managed to set Content-type: text/poppycock - when the resource's extension is .htm or .html. That means that you have to test not only for MIME types, but for file extensions (which should not play any role in HTTP) as well. Didn't know that - this was probably introduced to fix the output of broken web servers. Stuff like this is why I don't work in IT security :)

在Windows 7上。所做的所有测试

All tests made on Windows 7.

这篇关于什么内容类型的在浏览器中的JavaScript执行？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！