HTML Application: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 08:18, 3 April 2021 edit 14.98.185.30 (talk) →See also Tags: Reverted extraneous markup ← Previous edit		Latest revision as of 20:50, 26 August 2025 edit undo Okterakt (talk \| contribs) Extended confirmed users 578 edits Patent citation Tag: Visual edit
(35 intermediate revisions by 30 users not shown)
Line 1: {{Short description\|Microsoft Windows program}} ~~:''~~{{This ~~article refers to~~ \|Microsoft's proprietary HTA implementation~~. For~~ \|information regarding the [[HTML5]] Cache Manifest, also referred to as offline HTML applications~~, please see [[~~\|Cache manifest in HTML5~~]].''~~}} {{ Infobox file format \| name = HTML Application (HTA) \| icon = Line 23 ⟶ 24: \| standard = \| free = \| url = {{URL\|1=https://~~msdn~~learn.microsoft.com/en-us/~~library~~previous-versions/ms536471(VSv=vs.85)~~.aspx~~?redirectedfrom=MSDN}} }} An '''HTML Application''' ('''HTA''') is a [[Microsoft Windows]] program whose source code consists of [[HTML]], [[Dynamic HTML]], and one or more scripting languages supported by [[Internet Explorer]], such as [[VBScript]] or [[JScript]]. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the ~~internet~~web browser security model; in fact, it executes as a "fully trusted" application. The usual file extension of an HTA is <code>.hta</code>. The ability to execute HTAs was introduced to Microsoft Windows in 1999, along with the release of [[Microsoft Internet Explorer 5]].<ref>[http://support.microsoft.com/kb/200874 ''Article ID:200874 in Microsoft Support''], in Microsoft Support Knowledge Base</ref> On December 9, 2003, this technology was [[patent]]ed.<ref>~~[http~~{{Cite patent\|number=US6662341B1\|title=Method and apparatus for writing a windows application in HTML\|gdate=2003-12-09\|invent1=Cooper\|invent2=Kohnfelder\|invent3=Chavez\|inventor1-first=Phillip R.\|inventor2-first=Loren M.\|inventor3-first=Roderick A.\|url=https://~~news~~patents.~~cnet~~google.com/~~2100~~patent/US6662341B1/en?oq=PN/6,662,341}}</ref><ref>{{Cite web \|last=Festa \|first=Paul \|date=2003-~~1012_3~~12-~~5119072.html~~10 \|title=Microsoft wins HTML application patent \|url=http://www.cnet.com/news/microsoft-wins-html-application-patent/ \|url-status=dead \|archive-url=https://web.archive.org/web/20160310170211/http://www.cnet.com/news/microsoft-wins-html-application-patent/ \|archive-date=2016-03-10 \|access-date=2016-01-10 \|website=[[CNET]]}}</ref> == Uses == Line 38 ⟶ 39: ===Execution=== [[File:~~HTA-Hello World example~~RectifiedWikipediaHTAWindow.png\|alt=\|thumb\|~~300x300px~~346x346px\|~~Screenshot~~One screenshot of anone example window that is produced by <code>mshta.exe</code>]] An HTA is executed using the program <code>mshta.exe</code>, or, alternatively, double-clicking on the file. This program is typically installed along with Internet Explorer. <code>mshta.exe</code> executes the HTA by instantiating the Internet Explorer rendering engine (mshtml) as well as any required language engines (such as vbscript.dll). An HTA is treated like any executable file with extension [[EXE\|<code>.exe</code>]]. When executed via mshta.exe (or if the file icon is double-clicked), it runs immediately. When executed remotely via the browser, the user is asked once, before the HTA is downloaded, whether or not to save or run the application; if saved, it can simply be run on demand after that.<ref name=msintro/> By default, HTAs are rendered as per "standards-mode content in IE7 Standards mode and quirks mode content in IE5 (Quirks) mode", but this can be altered using <code>X-UA-Compatible</code> headers.<ref name=msintro>{{cite web \|url=https://msdn.microsoft.com/en-us/library/ms536496%28v=vs.85%29.aspx#Compatibility \|title=Introduction to HTML Applications (HTAs).\|website=~~Microsft~~Microsoft MSDN\|date=May 2011 \|access-date= 24 June 2016}} Sections include Why Use HTAs, Creating an HTA, HTA-Specific Functionality, Security, Compatibility, Deployment</ref> ~~The~~HTAs ~~HTA~~are ~~engine~~dependent on the Trident (~~mshta.exe~~MSHTML) isbrowser ~~dependent~~engine, onused by [[Internet Explorer]]., ~~Starting~~but ~~from~~are ~~[[Windows~~not ~~Vista]],~~dependent on the Internet Explorer application itself. If a user ~~can~~ [[Removal of Internet Explorer\|~~remove~~removes Internet Explorer]] from Windows, ~~which~~via ~~will~~the ~~cause~~Control Panel, the ~~HTA~~MSHTML engine remains and HTAs continue to ~~stop~~work. HTAs continue to work in Windows 11 as ~~working~~well. HTAs are fully supported running in modes equivalent to Internet Explorer ~~from~~ versions 5 to 9. Further versions, such as 10 and 11, still support HTAs though with some minor features turned off.{{fact\|date=May 2015}} ===Security considerations=== Line 63 ⟶ 64: ==Vulnerabilities== HTA have been used to deliver malware.<ref>{{Cite web\|url=https://www.vmray.com/cyber-security-blog/spora-ransomware-dropper-hta-infect-system/\|title=Spora Ransomware Dropper Uses HTA to Infect System\|date=2017-01-17\|website=VMRay\|language=en-US\|access-date=2018-12-22}}</ref><ref>{{Cite web\|url=https://blog.netwrix.com/2017/06/01/nine-scariest-ransomware-viruses/\|title=8 Scariest Ransomware Viruses\|language=en-US\|access-date=2018-12-22}}</ref> One particular HTA, named ''[[4chan]].hta'' (detected by antiviruses as JS/Chafpin.gen), was widely distributed by the users of the imageboard as a [[steganographic]] image in which the user were instructed to download the picture as an HTA file, which when executed, would cause the computer to automatically spam the website (evading 4chan's [[CAPTCHA]] in the process) with alternate variants of itself; it was reported that such attacks were previously delivered in which the user was prompted to save it as a [[JavaScript\|.js]] file.<ref>{{cite web \|last1=Constantin \|first1=Lucian \|title=4chan Flood Script Is Back with New Social Engineering Trick \|url=https://news.softpedia.com/news/4chan-Flood-Script-Is-Back-with-New-Social-Engineering-Trick-151603.shtml \|website=Softpedia \|access-date=2021-11-09 \|date=2010-08-10}}</ref> ==Example== This is an example of [["Hello, World!" program\|Hello World]] as an HTML Application. <syntaxhighlight lang="~~html4strict~~html"> <HTML> <HEAD> <HTA:APPLICATION ID="HelloExample" BORDER="~~thick~~bold" BORDERSTYLE="complex"/> <TITLE>HTA - Hello World</TITLE> Line 83 ⟶ 84: == See also == [[~~Windows~~Adobe ~~Script Host~~AIR]] [[Active Scripting]] [[Apache Cordova]] [[Chromium Embedded Framework]] [[Electron (software framework)]] [[Firefox OS]] [[React Native]] [[XAML Browser Applications]] (XBAPs) [[XUL]] and [[XULRunner]] - a language and environment for Mozilla cross-platform applications that resembles the mechanism of HTML Applications. [[~~Apache~~Windows ~~Cordova~~Script Host]] ~~≠[COLOUR,DJDF-JJJKK]<ref></ref>~~ ==References== {{~~reflist~~Reflist}} ==External links== Line 103 ⟶ 105: {{Internet Explorer}} [[Category:~~Widget engines~~HTML\|Application]] ~~[[Category:User interface markup languages]]~~ [[Category:Internet Explorer]] [[Category:~~HTML~~User interface markup languages]] [[Category:Widget engines]]