diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index c279b3fb4e5..a5ab772b795 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -7709,7 +7709,7 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
 
 	if ($alldata == 1)
 	{
-		if (isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), );
+		if ($isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), );
 		else return array();
 	}
 
diff --git a/htdocs/document.php b/htdocs/document.php
index ccd404f7315..a55ca1fd895 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -160,7 +160,7 @@ $type = 'application/octet-stream';	// By default
 if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');
 else $type=dol_mimetype($original_file);
 // Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file
-if (!dolIsAllowedForPreview($original_file)) {
+if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($original_file)) {
 	$type = 'application/octet-stream';
 }
 // Security: Delete string ../ into $original_file