HTML Application
   HOME

TheInfoList



Click Here for Items Related To - HTML Application
OR:
HTML Application on:   [Wikipedia]   [Google]   [Amazon]

An HTML Application (HTA) is a Microsoft Windows program whose source code consists of
HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaSc ...
,
Dynamic HTML Dynamic HTML, or DHTML, is a term which was used by some browser vendors to describe the combination of HTML, style sheets and client-side scripts (JavaScript, VBScript, or any other supported scripts) that enabled the creation of interactive ...
, and one or more scripting languages supported by
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical web browsers developed by Microsoft which was used in the Windows line of operating systems ( ...
, such as
VBScript VBScript (''"Microsoft Visual Basic Scripting Edition"'') is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It allows Microsoft Windows system administrators to generate powerful tools for managing computers ...
or
JScript JScript is Microsoft's legacy dialect of the ECMAScript standard that is used in Microsoft's Internet Explorer 11 and older. JScript is implemented as an Active Scripting engine. This means that it can be "plugged in" to OLE Automation applic ...
. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the internet browser security model; in fact, it executes as a "fully trusted" application. The usual file extension of an HTA is .hta. The ability to execute HTAs was introduced to Microsoft Windows in 1999, along with the release of Microsoft Internet Explorer 5. On December 9, 2003, this technology was
patent A patent is a type of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an enabling disclosure of the invention."A ...
ed.


Uses

HTAs give the developer the features of HTML together with the advantages of scripting languages. They are popular with Microsoft system administrators who use them for system administration from prototypes to "full-scale" applications, especially where flexibility and speed of development are critical.


Environment


Execution

An HTA is executed using the program mshta.exe, or, alternatively, double-clicking on the file. This program is typically installed along with Internet Explorer. mshta.exe executes the HTA by instantiating the Internet Explorer rendering engine (mshtml) as well as any required language engines (such as vbscript.dll). An HTA is treated like any executable file with extension .exe. When executed via mshta.exe (or if the file icon is double-clicked), it runs immediately. When executed remotely via the browser, the user is asked once, before the HTA is downloaded, whether or not to save or run the application; if saved, it can simply be run on demand after that. By default, HTAs are rendered as per "standards-mode content in IE7 Standards mode and quirks mode content in IE5 (Quirks) mode", but this can be altered using X-UA-Compatible headers. Sections include Why Use HTAs, Creating an HTA, HTA-Specific Functionality, Security, Compatibility, Deployment HTAs are dependent on the Trident (MSHTML) browser engine, used by
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical web browsers developed by Microsoft which was used in the Windows line of operating systems ( ...
, but are not dependent on the Internet Explorer application itself. If a user removes Internet Explorer from Windows, via the Control Panel, the MSHTML engine remains and HTAs continue to work. HTAs continue to work in Windows 11 as well. HTAs are fully supported running in modes equivalent to Internet Explorer versions 5 to 9. Further versions, such as 10 and 11, still support HTAs though with some minor features turned off.


Security considerations

When a regular HTML file is executed, the execution is confined to the security model of the
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...
. This means it is confined to communicating with the server, manipulating the page's
object model In computing, object model has two related but distinct meanings: # The properties of objects in general in a specific computer programming language, technology, notation or methodology that uses them. Examples are the object models of ''Java'', ...
(usually to validate forms and/or create interesting visual effects) and reading or writing
cookies A cookie is a baked or cooked snack or dessert that is typically small, flat and sweet. It usually contains flour, sugar, egg, and some type of oil, fat, or butter. It may include other ingredients such as raisins, oats, chocolate chi ...
. On the other hand, an HTA runs as a fully trusted application and therefore has more privileges than a normal HTML file; for example, an HTA can create, edit and remove files and
registry Registry may refer to: Computing * Container registry, an operating-system-level virtualization registry * Domain name registry, a database of top-level internet domain names * Local Internet registry * Metadata registry, information system for re ...
entries. Although HTAs run in this 'trusted' environment, querying
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
can be subject to Internet Explorer Zone logic and associated error messages.


Development

To customize the appearance of an HTA, an optional tag hta:application was introduced to the HEAD section. This tag exposes a set of attributes that enable control of border style, the program icon, etc., and provide information such as the argument (command line) used to launch the HTA. Otherwise, an HTA has the same format as an HTML page. Any text editor can be used to create an HTA. Editors with special features for developing HTML applications may be obtained from Microsoft or from third-party sources. An existing HTML file (with file extension .htm or .html, for example) can be changed to an HTA by simply changing the extension to .hta.


Vulnerabilities

HTA have been used to deliver malware. One particular HTA, named ''
4chan 4chan is an anonymous English-language imageboard website. Launched by Christopher "moot" Poole in October 2003, the site hosts boards dedicated to a wide variety of topics, from anime and manga to video games, cooking, weapons, television, ...
.hta'' (detected by antiviruses as JS/Chafpin.gen), was widely distributed by the users of the imageboard as a
steganographic Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, ...
image in which the user were instructed to download the picture as an HTA file, which when executed, would cause the computer to automatically spam the website (evading 4chan's
CAPTCHA A CAPTCHA ( , a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge–response test used in computing to determine whether the user is human. The term was coined in 2003 b ...
in the process) with alternate variants of itself; it was reported that such attacks were previously delivered in which the user was prompted to save it as a .js file.


Example

This is an example of
Hello World ''Hello'' is a salutation or greeting in the English language. It is first attested in writing from 1826. Early uses ''Hello'', with that spelling, was used in publications in the U.S. as early as the 18 October 1826 edition of the '' Norwich ...
as an HTML Application. HTA - Hello World

HTA - Hello World


See also

*
Adobe AIR Adobe AIR (also known as Adobe Integrated Runtime and is codenamed Apollo) is a cross-platform runtime system currently developed by Harman International, in collaboration with Adobe Inc., for building desktop applications and mobile applicat ...
*
Active Scripting Active Scripting (formerly known as ActiveX Scripting) is the technology used in Windows to implement component-based scripting support. It is based on OLE Automation (part of COM) and allows installation of additional scripting engines in the form ...
*
Apache Cordova Apache Cordova (formerly PhoneGap) is a mobile application development framework created by Nitobi. Adobe Systems purchased Nitobi in 2011, rebranded it as PhoneGap, and later released an open-source version of the software called Apache Cordov ...
* Chromium Embedded Framework *
Electron (software framework) Electron (formerly known as Atom Shell) is a free and open-source software framework developed and maintained by GitHub. The framework is designed to create desktop applications using web technologies (mainly HTML, CSS and JavaScript, althou ...
*
Firefox OS Firefox OS (project name: ''Boot to Gecko'', also known as ''B2G'') is a discontinued open-source operating system made for smartphones, tablet computers, smart TVs, and dongles designed by Mozilla and external contributors. It is based on the ...
*
React Native React Native is an open-source UI software framework created by Meta Platforms, Inc. It is used to develop applications for Android, Android TV, iOS, macOS, tvOS, Web, Windows and UWP by enabling developers to use the React framework along ...
*
XAML Browser Applications XAML Browser Applications (XBAP, pronounced "ex-bap") are Windows Presentation Foundation (.xbap) applications that are hosted and run inside a web browser such as Firefox or Internet Explorer. Hosted applications run in a partial trust sandbox en ...
(XBAPs) *
XUL XUL ( ), which stands for XML User Interface Language, is a user interface markup language developed by Mozilla. XUL is an XML dialect for writing graphical user interfaces, enabling developers to write user interface elements in a manner sim ...
and
XULRunner XULRunner is a discontinued, packaged version of the Mozilla platform to enable standalone desktop application development using XUL, developed by Mozilla. It replaced the ''Gecko Runtime Environment'', a stalled project with a similar purpose. T ...
- a language and environment for Mozilla cross-platform applications that resembles the mechanism of HTML Applications. *
Windows Script Host The Microsoft Windows Script Host (WSH) (formerly named Windows Scripting Host) is an automation technology for Microsoft Windows operating systems that provides scripting abilities comparable to batch files, but with a wider range of supported fe ...


References


External links


HTML Component (HTC) Reference at MSDN
An HTC encapsulates specific functionality or behavior within HTAs.
The Script Center
The Script Center, home of Hey, Scripting Guy! Blog
Learn About Scripting for HTML Applications (HTAs)
a tutorial site for learning about HTA's {{Internet Explorer HTML Internet Explorer User interface markup languages Widget engines