Content deleted Content added
Fix grammar Tags: Reverted Visual edit: Switched |
m Reverted edits by 96.241.247.11 (talk) (HG) (3.4.11) |
||
Line 27:
}}
The usual file extension of
The ability to execute HTAs was introduced to Microsoft Windows in 1999, along with the release of [[Microsoft Internet Explorer 5]].<ref>[http://support.microsoft.com/kb/200874 ''Article ID:200874 in Microsoft Support''], in Microsoft Support Knowledge Base</ref> On December 9, 2003, this technology was [[patent]]ed.<ref>[http://news.cnet.com/2100-1012_3-5119072.html Microsoft wins HTML application patent]</ref>
Line 40:
===Execution===
[[File:RectifiedWikipediaHTAWindow.png|alt=|thumb|346x346px|One screenshot of one example window that is produced by <code>mshta.exe</code>]]
By default, HTAs are rendered as per "standards-mode content in IE7 Standards mode and quirks mode content in IE5 (Quirks) mode", but this can be altered using <code>X-UA-Compatible</code> headers.<ref name=msintro>{{cite web |url=https://msdn.microsoft.com/en-us/library/ms536496%28v=vs.85%29.aspx#Compatibility |title=Introduction to HTML Applications (HTAs).|website=Microsft MSDN|date=May 2011 |access-date= 24 June 2016}} Sections include Why Use HTAs, Creating
HTAs are dependent on the Trident (MSHTML) browser engine, used by [[Internet Explorer]], but are not dependent on the Internet Explorer application itself. If a user [[Removal of Internet Explorer|removes Internet Explorer]] from Windows, via the Control Panel, the MSHTML engine remains and HTAs continue to work. HTAs continue to work in Windows 11 as well.
Line 54:
When a regular HTML file is executed, the execution is confined to the security model of the [[web browser]]. This means it is confined to communicating with the server, manipulating the page's [[object model]] (usually to validate forms and/or create interesting visual effects) and reading or writing [[HTTP cookie|cookies]].
On the other hand,
==Development==
To customize the appearance of
Any text editor can be used to create
An existing HTML file (with file extension <code>.htm</code> or <code>.html</code>, for example) can be changed to
==Vulnerabilities==
HTA have been used to deliver malware.<ref>{{Cite web|url=https://www.vmray.com/cyber-security-blog/spora-ransomware-dropper-hta-infect-system/|title=Spora Ransomware Dropper Uses HTA to Infect System|date=2017-01-17|website=VMRay|language=en-US|access-date=2018-12-22}}</ref><ref>{{Cite web|url=https://blog.netwrix.com/2017/06/01/nine-scariest-ransomware-viruses/|title=8 Scariest Ransomware Viruses|language=en-US|access-date=2018-12-22}}</ref> One particular HTA, named ''[[4chan]].hta'' (detected by antiviruses as JS/Chafpin.gen), was widely distributed by the users of the imageboard as a [[steganographic]] image in which the user were instructed to download the picture as
==Example==
This is an example of [[Hello World]] as
<syntaxhighlight lang="html4strict">
Line 99:
==External links==
* [http://msdn2.microsoft.com/en-us/library/ms531018.aspx HTML Component (HTC) Reference at MSDN].
* [https://technet.microsoft.com/en-ca/scriptcenter/default.aspx The Script Center], The Script Center, home of Hey, Scripting Guy! Blog
* [https://technet.microsoft.com/en-ca/scriptcenter/dd742317.aspx Learn About Scripting for HTML Applications (HTAs)], a tutorial site for learning about HTA's
|