HTML Application on:
[Wikipedia]
[Google]
[Amazon]
An HTML Application (HTA) is a
An HTA is executed using the program
HTA - Hello World
HTML Component (HTC) Reference at MSDN
An HTC encapsulates specific functionality or behavior within HTAs.
The Script Center
The Script Center, home of Hey, Scripting Guy! Blog
Learn About Scripting for HTML Applications (HTAs)
a tutorial site for learning about HTA's {{Internet Explorer Application Internet Explorer User interface markup languages Widget engines
Microsoft Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
program whose source code consists of HTML
Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It defines the content and structure of web content. It is often assisted by technologies such as Cascading Style Sheets ( ...
, Dynamic HTML
Dynamic HTML, or DHTML, is a term which was used by some browser vendors to describe the combination of HTML, style sheets and client-side scripts (JavaScript, VBScript, or any other supported scripts) that enabled the creation of interactive ...
, and one or more scripting languages supported by Internet Explorer
Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...
, such as VBScript
VBScript (Microsoft Visual Basic Scripting Edition) is a deprecated programming language for scripting on Microsoft Windows using Component Object Model (COM), based on classic Visual Basic and Active Scripting. It was popular with system admi ...
or JScript
JScript is Microsoft's legacy dialect of the ECMAScript standard that is used in Microsoft's Internet Explorer web browser and HTML Applications, and as a standalone Windows scripting language.
JScript is implemented as an Active Scripting eng ...
. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the web browser security model; in fact, it executes as a "fully trusted" application.
The usual file extension of an HTA is .hta.
The ability to execute HTAs was introduced to Microsoft Windows in 1999, along with the release of Microsoft Internet Explorer 5. On December 9, 2003, this technology was patent
A patent is a type of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an sufficiency of disclosure, enabling discl ...
ed.
Uses
HTAs give the developer the features of HTML together with the advantages of scripting languages. They are popular with Microsoft system administrators who use them for system administration from prototypes to "full-scale" applications, especially where flexibility and speed of development are critical.Environment
Execution
An HTA is executed using the program mshta.exe, or, alternatively, double-clicking on the file. This program is typically installed along with Internet Explorer. mshta.exe executes the HTA by instantiating the Internet Explorer rendering engine (mshtml) as well as any required language engines (such as vbscript.dll).
An HTA is treated like any executable file with extension .exe. When executed via mshta.exe (or if the file icon is double-clicked), it runs immediately. When executed remotely via the browser, the user is asked once, before the HTA is downloaded, whether or not to save or run the application; if saved, it can simply be run on demand after that.
By default, HTAs are rendered as per "standards-mode content in IE7 Standards mode and quirks mode content in IE5 (Quirks) mode", but this can be altered using X-UA-Compatible headers. Sections include Why Use HTAs, Creating an HTA, HTA-Specific Functionality, Security, Compatibility, Deployment
HTAs are dependent on the Trident (MSHTML) browser engine, used by Internet Explorer
Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...
, but are not dependent on the Internet Explorer application itself. If a user removes Internet Explorer from Windows, via the Control Panel, the MSHTML engine remains and HTAs continue to work. HTAs continue to work in Windows 11 as well.
HTAs are fully supported running in modes equivalent to Internet Explorer versions 5 to 9. Further versions, such as 10 and 11, still support HTAs though with some minor features turned off.
Security considerations
When a regular HTML file is executed, the execution is confined to the security model of theweb browser
A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...
. This means it is confined to communicating with the server, manipulating the page's object model
In computing, object model has two related but distinct meanings:
# The properties of objects in general in a specific computer programming language, technology, notation or methodology that uses them. Examples are the object models of ''Java'', ...
(usually to validate forms and/or create interesting visual effects) and reading or writing cookies
A cookie is a sweet biscuit with high sugar and fat content. Cookie dough is softer than that used for other types of biscuit, and they are cooked longer at lower temperatures. The dough typically contains flour, sugar, egg, and some type of ...
.
On the other hand, an HTA runs as a fully trusted application and therefore has more privileges than a normal HTML file; for example, an HTA can create, edit and remove files and registry entries. Although HTAs run in this 'trusted' environment, querying Active Directory
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Direct ...
can be subject to Internet Explorer Zone logic and associated error messages.
Development
To customize the appearance of an HTA, an optional taghta:application was introduced to the HEAD section. This tag exposes a set of attributes that enable control of border style, the program icon, etc., and provide information such as the argument (command line) used to launch the HTA. Otherwise, an HTA has the same format as an HTML page.
Any text editor can be used to create an HTA. Editors with special features for developing HTML applications may be obtained from Microsoft or from third-party sources.
An existing HTML file (with file extension .htm or .html, for example) can be changed to an HTA by simply changing the extension to .hta.
Vulnerabilities
HTA have been used to deliver malware. One particular HTA, named ''4chan
4chan is an anonymous English-language imageboard website. Launched by Christopher "moot" Poole in October 2003, the site hosts boards dedicated to a wide variety of topics, from video games and television to literature, cooking, weapons, mu ...
.hta'' (detected by antiviruses as JS/Chafpin.gen), was widely distributed by the users of the imageboard as a steganographic
Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination. In computing/ ...
image in which the user were instructed to download the picture as an HTA file, which when executed, would cause the computer to automatically spam the website (evading 4chan's CAPTCHA
Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) ( ) is a type of challenge–response authentication, challenge–response turing test used in computing to determine whether the user is human in order to de ...
in the process) with alternate variants of itself; it was reported that such attacks were previously delivered in which the user was prompted to save it as a .js file.
Example
This is an example ofHello World
Hello World may refer to:
* "Hello, World!" program, a computer program that outputs or displays the message "Hello, World!"
Music
* "Hello World!" (composition), song by the Iamus computer
* "Hello World" (Tremeloes song), 1969
* "Hello World" ...
as an HTML Application.
HTA - Hello World
See also
*Adobe AIR
Adobe AIR (also known as Adobe Integrated Runtime and codenamed Apollo) is a cross-platform runtime system currently developed by Harman International, in collaboration with Adobe Inc., for building desktop applications and mobile application ...
*Active Scripting
Active Scripting (formerly known as ActiveX Scripting) is the technology used in Windows to implement component-based scripting support. It is based on OLE Automation (part of COM) and allows installation of additional scripting engines in the for ...
*Apache Cordova
Apache Cordova (formerly PhoneGap) is a mobile application development framework created by Nitobi. Adobe Systems purchased Nitobi in 2011, rebranded it as PhoneGap, and later released an open-source version of the software called Apache Cordova. ...
* Chromium Embedded Framework
*Electron (software framework)
Electron (formerly known as Atom Shell) is a free and open-source software framework developed and maintained by OpenJS Foundation. The framework is designed to create desktop applications using web technologies (mainly HTML, CSS and JavaScri ...
*Firefox OS
Firefox OS (project name: ''Boot to Gecko'', also known as ''B2G'') is a discontinued Open-source software, open-source operating system made for smartphones, tablet computers, smart TVs, and Matchstick TV, dongles designed by Mozilla and exte ...
*React Native
React Native is an open-source UI software framework developed by Meta Platforms (formerly Facebook Inc.). It is used to develop applications for Android, Android TV, iOS, macOS, tvOS, Web, Windows and UWP by enabling developers to use the R ...
* XAML Browser Applications (XBAPs)
* XUL and XULRunner
XULRunner is a discontinued, packaged version of the Mozilla platform to enable standalone desktop application development using XUL, developed by Mozilla. It replaced the ''Gecko Runtime Environment'', a stalled project with a similar purpose. ...
- a language and environment for Mozilla cross-platform applications that resembles the mechanism of HTML Applications.
*Windows Script Host
The Microsoft Windows Script Host (WSH) (formerly named Windows Scripting Host) is an automation technology for Microsoft Windows operating systems that provides scripting abilities comparable to batch files, but with a wider range of supported fe ...
References
External links
HTML Component (HTC) Reference at MSDN
An HTC encapsulates specific functionality or behavior within HTAs.
The Script Center
The Script Center, home of Hey, Scripting Guy! Blog
Learn About Scripting for HTML Applications (HTAs)
a tutorial site for learning about HTA's {{Internet Explorer Application Internet Explorer User interface markup languages Widget engines