@huangdengpan ,
This is a completely different issue than the thread you attached it to, so people may not see it. Especially since the original one went unanswered for six months.
What you're experiencing is by design for security purposes. You cannot upload JavaScript files to the course with an extension that the browser would interpret as JavaScript and try to execute.
Depending on what you want students to do with it, consider hosting it on another site and then either embedding that page within Canvas (so that it's inside the iframe sandbox that gets created when you embed content) or -- if you want them to view it but not execute it -- then change the extension to txt. If it's okay to share outside of a course, you could use one of the many code sharings sites (like codepen -- not an endorsement) and then link to it. That would give them the benefit of being able to play around with it and seeing it in action.
Again, all of that depends on what you want to do with the JavaScript. But having the ability to upload JavaScript and automatically run it is bad security. A student could easily upload JavaScript for an assignment and you could open it and then, acting as you, it makes API calls that on your behalf that do bad things like change grades, delete assignments, reset the course, etc.
