163

Based on the question jQuery code not working in IE, text/javascript is used in HTML documents so Internet Explorer can understand it.

But I’m wondering, when would you use application/javascript, and more importantly, why would you use it instead of text/javascript?

Sebastian Simon
  • 18,263
  • 7
  • 55
  • 75
Mark Baijens
  • 13,028
  • 11
  • 47
  • 73
  • possible dupe/explanation: http://stackoverflow.com/questions/876561/when-serving-javascript-files-is-it-better-to-use-the-application-javascript-or – Benn Nov 04 '10 at 21:10
  • See also http://stackoverflow.com/questions/2325571/for-http-responses-with-content-types-suggesting-character-data-which-charset-sh – Gumbo Nov 04 '10 at 21:38
  • possible duplicate of [What is the Javascript MIME Type? What belongs in the type attribute of a script tag?](http://stackoverflow.com/questions/189850/what-is-the-javascript-mime-type-what-belongs-in-the-type-attribute-of-a-script) – Bergi Jan 13 '14 at 18:47
  • Possible duplicate of [When serving JavaScript files, is it better to use the application/javascript or application/x-javascript](https://stackoverflow.com/questions/876561/when-serving-javascript-files-is-it-better-to-use-the-application-javascript-or) – Chuck Le Butt Apr 23 '18 at 14:15

5 Answers5

250

In theory, according to RFC 4329, application/javascript.

The reason it is supposed to be application is not anything to do with whether the type is readable or executable. It's because there are custom charset-determination mechanisms laid down by the language/type itself, rather than just the generic charset parameter. A subtype of text should be capable of being transcoded by a proxy to another charset, changing the charset parameter. This is not true of JavaScript because:

a. the RFC says user-agents should be doing BOM-sniffing on the script to determine type (I'm not sure if any browsers actually do this though);

b. browsers use other information—the including page's encoding and in some browsers the script charset attribute—to determine the charset. So any proxy that tried to transcode the resource would break its users. (Of course in reality no-one ever uses transcoding proxies anyway, but that was the intent.)

Therefore the exact bytes of the file must be preserved exactly, which makes it a binary application type and not technically character-based text.

For the same reason, application/xml is officially preferred over text/xml: XML has its own in-band charset signalling mechanisms. And everyone ignores application for XML, too.

text/javascript and text/xml may not be the official Right Thing, but there are what everyone uses today for compatibility reasons, and the reasons why they're not the right thing are practically speaking completely unimportant.

bobince
  • 528,062
  • 107
  • 651
  • 834
  • 4
    The most "compatibility" solution is not to include any content type in the response at all. RFC states that without an explicit content type, the receiver would interpret it *"by context"* which is always the correct behavior for all browsers right from the very first browsers – Pacerier Jun 01 '13 at 16:08
  • Be careful with `application/javascript` and IE running on compatibility mode with `IE=8`. Seems as if inline scripts are not properly evaluated. `text/javascript` works fine there. – Joscha Apr 16 '14 at 16:22
  • 2
    @Pacerier - I know this comment is 5 years old, but today it is often best to include mime types, particularly for forum type websites, for security reasons. Having the receiver interpret the type leaves one open to attack by uploading a malicious javascript file as an image, and then having the browser interpret and run that script. It is better to have the server return mime types for all responses and use the header `X-Content-Type-Options: nosniff` to prevent the browser from interpreting the type. – sammy_winter Sep 07 '18 at 16:20
  • @sammy_winter I see warnings like these everywhere and cringe every time. If I allowed users to upload content, I'd probably do more validation than "oh yeah, name matched regex for png file, I can trust that", wouldn't I? If incorrect header becomes a "security issue", the problem is maybe somewhere deeper, don't you think? This is the same as with hiding `Server: nginx` or whatever nginx sends. As if whoever is capable of finding a hole needs explicit header to know what server you run... –  Nov 28 '19 at 12:16
  • 1
    The WHATWG HTML standard seems to disagree with the IETF as to which MIME type _should_ be used. https://html.spec.whatwg.org/#scriptingLanguages But it doesn't matter in practice because of https://mimesniff.spec.whatwg.org/#javascript-mime-type – sengi Mar 05 '21 at 17:46
  • RFC9239 finally resolves this cross-standard disagreement by aligning with reality. `application/javascript` is now officially obsolete; ` text/javascript` is the only correct JavaScript MIME type. – Mathias Bynens May 07 '22 at 09:56
18

The problem with Javascript's MIME type is that there hasn't been a standard for years. Now we've got application/javascript as an official MIME type.

But actually, the MIME type doesn't matter at all, as the browser can determine the type itself. That's why the HTML5 specs state that the type="text/javascript" is no longer required.

Harmen
  • 22,092
  • 4
  • 54
  • 76
6

application because .js-Files aren't something a user wants to read but something that should get executed.

thejh
  • 44,854
  • 16
  • 96
  • 107
  • That's the official answer but IE chokes on it. – Benn Nov 04 '10 at 21:13
  • 20
    @Benn: Maybe because IE users have to read all the JS files because they don't execute properly? At least, it's honest by Microsoft ;) – thejh Nov 04 '10 at 21:15
  • Love your comment, but unfortunately people who can't read javascript still use IE so we have to deal with it :(. – Mark Baijens Nov 05 '10 at 12:27
  • 1
    I don't think whether or not you want to read it has anything to do with why. It has to do with how the data gets transcoded--or rather, whether it can be. – Zenexer Aug 02 '13 at 01:07
  • technically, HTML and CSS are also "executed" (parsed) by the browser to produce the result of the code as visual content and is not meant for the user to "read" it, so, this answer does not make much sense. I guess there is major confusion as to what is "text" and what is "application". If i could vote in this matter, i'd say the IETF should consider "text" contents as `text`, and `binary` as either `application` -OR the "purpose" of said type as in "image", or "document", etc. –  Mar 27 '16 at 23:31
4

There's been a lot of confusion and disagreement about this in the past, which other answers explain in some detail.

RFC9239 finally resolves this confusion by aligning with implementation reality. application/javascript is now officially obsolete; text/javascript is the only correct JavaScript MIME type.

Mathias Bynens
  • 144,855
  • 52
  • 216
  • 248
  • RFC4239 which are released April 2006 states text/javascript is obsolete, and the application/javascript is the way to go. But RFC9239 states the other way around. Since RFC9239 dated May 2022, it supposedly the one we adopt now, but these information got me confused at first :D – YudhiWidyatama Jul 04 '23 at 23:32
3

application/javascript is the correct type to use but since it's not supported by IE6-8 you're going to be stuck with text/javascript. If you don't care about validity (HTML5 excluded) then just don't specify a type.

Martlark
  • 14,208
  • 13
  • 83
  • 99
Radu
  • 8,561
  • 8
  • 55
  • 91
  • Where'd you get this? I'm pretty sure it's supported. Or, at least, it will be ignored. – Zenexer Jun 23 '13 at 21:19
  • @Zenexer read [his answer to another question](http://stackoverflow.com/a/4101106/124119). Seemingly IE compatibility means no `application/javascript`. – Camilo Martin Dec 21 '13 at 20:42
  • @CamiloMartin I use it fine with IE down to 6 all of the time. They just default to JavaScript. – Zenexer Dec 22 '13 at 02:19
  • @Zenexer Hm, strange. I wonder what was the problem about in the other Q&A. – Camilo Martin Dec 22 '13 at 02:28
  • @Zenexer It's been a while since I've had to deal with this but [here are some other accounts of this causing issues](http://stackoverflow.com/questions/189850/what-is-the-javascript-mime-type-what-belongs-in-the-type-attribute-of-a-script) with IE6-8. Not entirely sure why this only seems to matter some times but in my experience it has caused issues. – Radu Dec 23 '13 at 22:16