HTML Application: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:33, 2 May 2021 edit Rokejulianlockhart.1674241089 (talk \| contribs) 22 edits No edit summary Tag: Visual edit ← Previous edit		Latest revision as of 20:50, 26 August 2025 edit undo Okterakt (talk \| contribs) Extended confirmed users 581 edits Patent citation Tag: Visual edit
(33 intermediate revisions by 28 users not shown)
Line 1: {{Short description\|Microsoft Windows program}} ~~:''~~{{This ~~article refers to~~ \|Microsoft's proprietary HTA implementation~~. For~~ \|information regarding the [[HTML5]] Cache Manifest, also referred to as offline HTML applications~~, please see [[~~\|Cache manifest in HTML5~~]].''~~}} {{ Infobox file format \| name = HTML Application (HTA) \| icon = Line 23 ⟶ 24: \| standard = \| free = \| url = {{URL\|1=https://~~msdn~~learn.microsoft.com/en-us/~~library~~previous-versions/ms536471(VSv=vs.85)~~.aspx~~?redirectedfrom=MSDN}} }} An '''HTML Application''' ('''HTA''') is a [[Microsoft Windows]] program whose source code consists of [[HTML]], [[Dynamic HTML]], and one or more scripting languages supported by [[Internet Explorer]], such as [[VBScript]] or [[JScript]]. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the ~~internet~~web browser security model; in fact, it executes as a "fully trusted" application. The usual file extension of an HTA is <code>.hta</code>. The ability to execute HTAs was introduced to Microsoft Windows in 1999, along with the release of [[Microsoft Internet Explorer 5]].<ref>[http://support.microsoft.com/kb/200874 ''Article ID:200874 in Microsoft Support''], in Microsoft Support Knowledge Base</ref> On December 9, 2003, this technology was [[patent]]ed.<ref>~~[http~~{{Cite patent\|number=US6662341B1\|title=Method and apparatus for writing a windows application in HTML\|gdate=2003-12-09\|invent1=Cooper\|invent2=Kohnfelder\|invent3=Chavez\|inventor1-first=Phillip R.\|inventor2-first=Loren M.\|inventor3-first=Roderick A.\|url=https://~~news~~patents.~~cnet~~google.com/~~2100~~patent/US6662341B1/en?oq=PN/6,662,341}}</ref><ref>{{Cite web \|last=Festa \|first=Paul \|date=2003-~~1012_3~~12-~~5119072.html~~10 \|title=Microsoft wins HTML application patent \|url=http://www.cnet.com/news/microsoft-wins-html-application-patent/ \|url-status=dead \|archive-url=https://web.archive.org/web/20160310170211/http://www.cnet.com/news/microsoft-wins-html-application-patent/ \|archive-date=2016-03-10 \|access-date=2016-01-10 \|website=[[CNET]]}}</ref> == Uses == Line 43 ⟶ 44: An HTA is treated like any executable file with extension [[EXE\|<code>.exe</code>]]. When executed via mshta.exe (or if the file icon is double-clicked), it runs immediately. When executed remotely via the browser, the user is asked once, before the HTA is downloaded, whether or not to save or run the application; if saved, it can simply be run on demand after that.<ref name=msintro/> By default, HTAs are rendered as per "standards-mode content in IE7 Standards mode and quirks mode content in IE5 (Quirks) mode", but this can be altered using <code>X-UA-Compatible</code> headers.<ref name=msintro>{{cite web \|url=https://msdn.microsoft.com/en-us/library/ms536496%28v=vs.85%29.aspx#Compatibility \|title=Introduction to HTML Applications (HTAs).\|website=~~Microsft~~Microsoft MSDN\|date=May 2011 \|access-date= 24 June 2016}} Sections include Why Use HTAs, Creating an HTA, HTA-Specific Functionality, Security, Compatibility, Deployment</ref> ~~The~~HTAs ~~HTA~~are ~~engine~~dependent on the Trident (~~mshta.exe~~MSHTML) isbrowser ~~dependent~~engine, onused by [[Internet Explorer]]., ~~Starting~~but ~~from~~are ~~[[Windows~~not ~~Vista]],~~dependent on the Internet Explorer application itself. If a user ~~can~~ [[Removal of Internet Explorer\|~~remove~~removes Internet Explorer]] from Windows, ~~which~~via ~~will~~the ~~cause~~Control Panel, the ~~HTA~~MSHTML engine remains and HTAs continue to ~~stop~~work. HTAs continue to work in Windows 11 as ~~working~~well. HTAs are fully supported running in modes equivalent to Internet Explorer ~~from~~ versions 5 to 9. Further versions, such as 10 and 11, still support HTAs though with some minor features turned off.{{fact\|date=May 2015}} ===Security considerations=== Line 63 ⟶ 64: ==Vulnerabilities== HTA have been used to deliver malware.<ref>{{Cite web\|url=https://www.vmray.com/cyber-security-blog/spora-ransomware-dropper-hta-infect-system/\|title=Spora Ransomware Dropper Uses HTA to Infect System\|date=2017-01-17\|website=VMRay\|language=en-US\|access-date=2018-12-22}}</ref><ref>{{Cite web\|url=https://blog.netwrix.com/2017/06/01/nine-scariest-ransomware-viruses/\|title=8 Scariest Ransomware Viruses\|language=en-US\|access-date=2018-12-22}}</ref> One particular HTA, named ''[[4chan]].hta'' (detected by antiviruses as JS/Chafpin.gen), was widely distributed by the users of the imageboard as a [[steganographic]] image in which the user were instructed to download the picture as an HTA file, which when executed, would cause the computer to automatically spam the website (evading 4chan's [[CAPTCHA]] in the process) with alternate variants of itself; it was reported that such attacks were previously delivered in which the user was prompted to save it as a [[JavaScript\|.js]] file.<ref>{{cite web \|last1=Constantin \|first1=Lucian \|title=4chan Flood Script Is Back with New Social Engineering Trick \|url=https://news.softpedia.com/news/4chan-Flood-Script-Is-Back-with-New-Social-Engineering-Trick-151603.shtml \|website=Softpedia \|access-date=2021-11-09 \|date=2010-08-10}}</ref> ==Example== This is an example of [["Hello, World!" program\|Hello World]] as an HTML Application. <syntaxhighlight lang="~~html4strict~~html"> <HTML> <HEAD> <HTA:APPLICATION ID="HelloExample" BORDER="~~thick~~bold" BORDERSTYLE="complex"/> <TITLE>HTA - Hello World</TITLE> Line 83 ⟶ 84: == See also == [[~~Windows~~Adobe ~~Script Host~~AIR]] [[Active Scripting]] [[Apache Cordova]] [[Chromium Embedded Framework]] [[Electron (software framework)]] [[Firefox OS]] [[React Native]] [[XAML Browser Applications]] (XBAPs) [[XUL]] and [[XULRunner]] - a language and environment for Mozilla cross-platform applications that resembles the mechanism of HTML Applications. [[~~Apache~~Windows ~~Cordova~~Script Host]] ==References== {{~~reflist~~Reflist}} ==External links== Line 102 ⟶ 105: {{Internet Explorer}} [[Category:~~Widget engines~~HTML\|Application]] ~~[[Category:User interface markup languages]]~~ [[Category:Internet Explorer]] [[Category:~~HTML~~User interface markup languages]] [[Category:Widget engines]]