Home/ Questions/Q 7646313
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T10:10:32+00:00

I am trying to understand how to include JavaScript externally so the code prints

  • 0

I am trying to understand how to include JavaScript externally so the code prints to the page.

When I insert the JavaScript directly into the page code, it prints “hello”

<html>
<head>
<title></title>
</head>
<body>
<script type="text/javascript">document.write("hello");</script>
</body>
</html>

However, when I put that same code into external file say “javascript.js” and include it (src) in the html it does not print “hello”?

<html>
<head>
<title></title>
<script type="text/javascript" src="http://thewebsite.com/javascript.js"></script>
</head>
<body>
</body>
</html>

I am trying to understand how to get that external JavaScript file to run and print “hello”.
How does XSS work then if a hacker was to include the following tag inside say a textarea to call his malicious script from malicious server?

<script type="text/javascript" src="http://thewebsite.com/javascript.js"></script>

Heres whats in the “javascript.js” file:

<script type="text/javascript">
document.write("hello");
</script>

The file is on the same domain so Same Origin Policy should not apply here and as mentioned if I directly insert code it does work but not when I try to include as separate file.

I thought including JavaScript as external file, should print the contents of the external file (i.e. “hello” in this case) as if it was directly inserted in html page?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I guess there is a policy enforced by browsers called Same Origin Policy which makes sure that JS from different domains does not access each others data when loaded in a single page. Lets say that you have a Google Ad and it has some Javascript in it. It wouldn’t be advisable if the script in Google Ads be able to access the data in your site (Vice-Versa but ofcourse you always have Google Ads or the Like button as iFrame and hence anyways they are most neatly seperated.)

    If you could load the js file as a src to image file then I suppose you can achieve what you intend to.(If I am not wrong.)

    Edit: The javascript file cannot be given as input to the src of img tag. You can only use it as javascript: scheme.

    • 0