HTML Applications – Introducing the HTA File
We all know what a .HTM file. But what about a .HTA file? The two are closely related, yet very different. Let me explain.
The letters HTA are meant to stand for HTML Application. The technology was developed by Microsoft, so is a proprietary concept, and only works in conjunction with Internet Explorer (specifically version 5 and above).
What is HTML Application (HTA)?
An HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the internet browser security model; in fact, it executes as a “fully trusted” application.
Uses
HTAs give the developer the features of HTML together with the advantages of scripting languages. They are popular with Microsoft system administrators who use them for system administration from prototypes to “full-scale” applications, especially where flexibility and speed of development are critical
Why Use HTAs?
You are probably aware that dynamic HTML (which is a combination of style sheets, JavaScript and the Document Object Model) provides the power to build mini-applications. For example, you can use DHTML to build a card game into an HTML page. If you wanted this DHTML application to behave more like a program than a Web page, you could choose to distribute it as an HTA file. And importantly, the HTA format gives you control over the user interface that normal scripting does not let you have over the Internet Explorer interface.
HTAs are really useful in many similar situations. If you are prototyping an idea, building wizard interfaces, or testing Web forms, the HTA concept could be a godsend. Building prototypes of a Web application is probably the most important use for HTA files. Without having to code the behind-the-scenes processing, an interface designer could create the form fields, drop-downs, and other interface elements, and code simple message boxes to illustrate how the real system would work.
Security Issues
HTAs have the potential to carry out actions that Netscape or Internet Explorer would never permit in a Web page. The purpose of this “trusted” status is so that an application can run seamlessly, without annoying alerts and warnings. So once running, script inside the HTA file can manipulate your PC. Maybe it will alarm you to know that HTAs have read/write access to the files and system registry on the client PC.
With this power comes responsibility. You should exercise caution when embedding ActiveX and Java controls in your HTA, to prevent yourself accidentally distributing viruses or other malicious code.
Security considerations
When a regular HTML file is executed, the execution is confined to the security model of the web browser, that is, it is onfined to communicating with the server, manipulating the page’s object model (usually to validate forms and/or create interesting visual effects) and reading or writing cookies.
On the other hand, an HTA runs as a fully trusted application and therefore has more privileges than a normal HTML file; for example, an HTA can create, edit and remove files and registry entries. Although HTAs run in this ‘trusted’ environment, querying Active Directory can be subject to Internet Explorer Zone logic and associated error messages.
Development
To customize the appearance of an HTA, an optional tag hta:application was introduced to the HEAD section. This tag exposes a set of attributes that enable control of border style, the program icon, etc., and provide information such as the argument (commandline) used to launch the HTA. Otherwise, an HTA has the same format as an HTML page.
Any text editor can be used to create an HTA. Editors with special features for developing HTML applications may be obtained from Microsoft or from third-party sources.
An existing HTML file (with file extension .htm or .html, for example) can be changed to an HTA by simply changing the extension to .hta.
HTA Application Properties Table
| applicationName | Sets the name of the application, which is used by the singleInstance attribute to determine whether other instances of the HTA are running. |
| border | Sets the window border format. Options are thin, dialog, none, and thick |
| borderStyle | Sets the border style settings. Options are complex, normal, raised, static, and sunken. |
| caption | Indicates whether the HTML title (from the <head> section) should appear in the window title bar. Options are yes and no. |
| icon | Nominates the URL of the icon to be used in the window title bar. This must be a 32 x 32 pixel icon in .ICO format. |
| maximizeButton | Indicates whether the window will include a maximize button. Options are yes and no. |
| minimizeButton | Indicates whether the window will include a minimize button. Options are yes and no. |
| showInTaskbar | Indicates whether the window will appear in the Windows task bar. Options are yes and no. |
| windowState | Describes how the window will initially display. Options are normal, minimize, and maximize. |
| innerBorder | Indicates whether the window will include an inner border. Options are yes and no. |
| navigable | |
| scroll | Indicates whether the window will include a scroll bar. Options are yes and no. |
| scrollFlat | Indicates whether a scroll bar will be 3D or not. Options are yes and no. |
| singleInstance | Indicates whether only one instance of the application can be run at one time. This can avoid multiple instances of the HTA being run. Options are yes and no. |
| sysMenu | Indicates whether a system menu is displayed when the icon in the title bar is clicked. Options are yes and no. |
| contextMenu | Indicates whether a context menu is displayed when an object on the HTA is right-clicked. Options are yes and no. You can use this feature to effectively prevent your HTML code from being viewed, or the content being printed, as these options are normally accessible within an HTA file from the context menu only. |
| election | Indicates whether text within the HTA window can be selected with the mouse or keyboard. Options are yes and no. |
| version | Sets the version number of the HTA application. This can later be retrieved by code within the HTA page. |
Example
<HTML> <HEAD> <HTA:APPLICATION ID="HelloExample" BORDER="thick" BORDERSTYLE="complex"/> <TITLE>HTA - Hello World</TITLE> </HEAD> <BODY> <H2>HTA - Hello World</H2> </BODY> </HTML>
Recent Comments