I just switched the site over from b2evolution to Drupal. In migrating posts I needed to attach some javascript files to a blog-entry. As a security measure Drupal renames files with executable extensions "php|pl|py|cgi|asp|js", appending an underscore and a ".TXT" extension. That's reasonable. What's odd is that there is no setting to provide an override, either to specific users, or site-wide.

My initial question asking if there was a setting to override this security feature met with limited response, so a bit of research later here's what I came up with.