diff --git a/public/main.js b/public/main.js
new file mode 100644
index 000000000..fd3b228d3
--- /dev/null
+++ b/public/main.js
@@ -0,0 +1,55 @@
+function doXHR(aURL, aBodyObj, aAlertText, aDebug=true) {
+  return new Promise((resolve) => {
+    let xhr = new XMLHttpRequest();
+    xhr.onreadystatechange = function() {
+      if (this.readyState == 4 && this.status == 200) {
+        if (aAlertText) {
+          alert(aAlertText);
+        }
+        if (aDebug) {
+          let responseDumpElt = document.getElementById("responseDump");
+          responseDumpElt.appendChild(
+            document.createTextNode(xhr.response));
+          responseDumpElt.appendChild(
+            document.createElement("hr"));
+          responseDumpElt.appendChild(
+            document.createElement("br"));
+        }
+        resolve(xhr.response);
+      }
+    };
+    xhr.open("POST", aURL, true);
+    xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
+    xhr.send(JSON.stringify(aBodyObj));
+  });
+}
+
+function addUser() {
+  doXHR("/user/add",
+        { email: document.getElementById("addUserField").value })
+    .then(function() {
+      alert("A verification link has been emailed to the specified address.");
+    });
+}
+
+function removeUser() {
+  doXHR("/user/remove",
+        { email: document.getElementById("removeUserField").value });
+}
+
+function simulateBreach() {
+  doXHR("/user/breached",
+        { emails: document.getElementById("breachUsersInput").value.split(",").map(e => e.trim()) });
+}
+
+function clearUserList() {
+  doXHR("/user/reset", {});
+}
+
+function dumpUserList() {
+  doXHR("/user/list", {});
+}
+
+function doOauth() {
+  window.open("/oauth/init");
+}
diff --git a/public/test.html b/public/test.html
index 497bffc06..21840095b 100644
--- a/public/test.html
+++ b/public/test.html
@@ -3,63 +3,7 @@
 <head>
   <meta charset="utf-8">
   <title>blurts-server testing UI</title>
-  <script type="text/javascript">
-    function doXHR(aURL, aBodyObj, aAlertText, aDebug=true) {
-      return new Promise((resolve) => {
-        let xhr = new XMLHttpRequest();
-        xhr.onreadystatechange = function() {
-          if (this.readyState == 4 && this.status == 200) {
-            if (aAlertText) {
-              alert(aAlertText);
-            }
-            if (aDebug) {
-              let responseDumpElt = document.getElementById("responseDump");
-              responseDumpElt.appendChild(
-                document.createTextNode(xhr.response));
-              responseDumpElt.appendChild(
-                document.createElement("hr"));
-              responseDumpElt.appendChild(
-                document.createElement("br"));
-            }
-            resolve(xhr.response);
-          }
-        };
-        xhr.open("POST", aURL, true);
-        xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
-        xhr.send(JSON.stringify(aBodyObj));
-      });
-    }
-
-    function addUser() {
-      doXHR("/user/add",
-            { email: document.getElementById("addUserField").value })
-        .then(function() {
-          alert("A verification link has been emailed to the specified address.");
-        });
-    }
-
-    function removeUser() {
-      doXHR("/user/remove",
-            { email: document.getElementById("removeUserField").value });
-    }
-
-    function simulateBreach() {
-      doXHR("/user/breached",
-            { emails: document.getElementById("breachUsersInput").value.split(",").map(e => e.trim()) });
-    }
-
-    function clearUserList() {
-      doXHR("/user/reset", {});
-    }
-
-    function dumpUserList() {
-      doXHR("/user/list", {});
-    }
-
-    function doOauth() {
-      window.open("/oauth/init");
-    }
-  </script>
+  <script src="main.js"></script>
 </head>
 
 <body>