Refused to Execute a JavaScript Script. Source Code of Script Found Within Request

Refused to execute a JavaScript script. Source code of script found within request

It's a security measure to prevent XSS (cross-site scripting) attacks.

This happens when some JavaScript code is sent to the server via an HTTP POST request, and the same code comes back via the HTTP response. If Chrome detects this situation, it refuses to run the script, and you get the error message "Refused to execute a JavaScript script. Source code of script found within request."

Also see this blog post about Security in Depth: New Security Features.

PHP Security and XSS attacks - Getting Error Refused to execute a JavaScript script. Source code of script found within request

When I tried this in Chrome I saw an error in the console:

Refused to execute a JavaScript script. Source code of script found within request.

So it's possible modern browsers do this check to prevent it. You should continue to sanitize your input regardless, of course, but check your console and you will probably see this.

Twitter API: refused to execute a javascript

I fixed the issue myself by using a local JavaScript file to parse the tweet. I downloaded blogger.js, modified it a bit (removed some styles) and uploaded it to my server. Now it's working like a charm.

Refused to execute script, strict MIME type checking is enabled?

You have a <script> element that is trying to load some external JavaScript.

The URL you have given it points to a JSON file and not a JavaScript program.

The server is correctly reporting that it is JSON so the browser is aborting with that error message instead of trying to execute the JSON as JavaScript (which would throw an error).


Odds are that the underlying reason for this is that you are trying to make an Ajax request, have hit a cross origin error and have tried to fix it by telling jQuery that you are using JSONP. This only works if the URL provides JSONP (which is a different subset of JavaScript), which this one doesn't.

The same URL with the additional query string parameter callback=the_name_of_your_callback_function does return JavaScript though.
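
The following is an added example, not code from the answers above or from any API they mention. It sketches how an endpoint can serve JSON by default and JSONP only for a validated callback parameter, and models the strict MIME check (triggered by the X-Content-Type-Options: nosniff header) that produces the error. The function names, the /feed path and the host api.example.test are assumptions made for illustration.

```javascript
// Added example: hypothetical endpoint logic, not taken from the original answers.
// Subset of the JavaScript MIME types browsers accept for <script> under nosniff.
const JS_MIME_TYPES = new Set([
  "application/javascript", "text/javascript",
  "application/ecmascript", "text/ecmascript", "application/x-javascript",
]);

// Accept only plain (optionally dotted) identifiers as callback names, so the
// JSONP body can never carry request-supplied script text.
const SAFE_CALLBACK = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

// Build the response for a request URL: JSON by default, JSONP only when a
// valid `callback` query parameter is present.
function buildResponse(requestUrl, data) {
  const url = new URL(requestUrl, "https://api.example.test"); // placeholder host
  const callback = url.searchParams.get("callback");
  const headers = {
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "application/json; charset=utf-8",
  };
  const json = JSON.stringify(data);

  if (callback === null) {
    return { status: 200, headers, body: json };
  }
  if (callback.length > 64 || !SAFE_CALLBACK.test(callback)) {
    return { status: 400, headers, body: JSON.stringify({ error: "invalid callback" }) };
  }
  headers["Content-Type"] = "application/javascript; charset=utf-8";
  return { status: 200, headers, body: `${callback}(${json});` };
}

// Model of the strict MIME check for a <script src> load: with nosniff set,
// a response whose type is not a JavaScript MIME type is refused.
// Without nosniff this check does not apply (other browser checks still may).
function blockedByStrictMimeCheck(response) {
  const nosniff =
    (response.headers["X-Content-Type-Options"] || "").toLowerCase() === "nosniff";
  const essence = response.headers["Content-Type"].split(";")[0].trim().toLowerCase();
  return nosniff && !JS_MIME_TYPES.has(essence);
}
```
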


