Indicates whether the content of the FRAME or IFRAME object is an HTML Application (HTA) and, therefore, exempt from the browser security model.
Syntax
HTML <ELEMENT APPLICATION= bApplication ... > Scripting N/A
Possible Values
bApplication Boolean that specifies one of the following values:
yes Treats all content of the FRAME or IFRAME as an HTA, in which case the content is trusted. no Treats all content of the FRAME or IFRAME as part of an HTML document by applying the browser security rules for unsafe content. The attribute has a default value of no.
Remarks
The APPLICATION attribute can be used only in HTAs.
You can use the APPLICATION attribute to control the content of your Web pages. For example, you can use the attribute to create an HTA that has one FRAME that accesses unsafe content, such as Internet URLs, and another FRAME that accesses safe content. You can also use the attribute for cross-domain scripting between HTA-enabled frames.
A nested FRAME or IFRAME requires each container FRAME to be HTA-enabled (for example, APPLICATION="yes") for the innermost FRAME or IFRAME to accept the value of APPLICATION="yes". Take, for instance, an IFRAME that contains a frameset. Each FRAME within the frameset qualifies as being nested. For the innermost FRAME to be considered safe, it and each each parent FRAME must be declared as APPLICATION="yes".
HTAs are designed to prevent each untrusted HTML FRAME and IFRAME from having script access to the HTA that contains them. In the case of a non-HTA-enabled FRAME, the highest level frame comprises the top window for each FRAME that it contains. The window.top and window.self are the same for that FRAME. In addition, an unsafe FRAME or IFRAME receives neither a referrer nor an opener URL from the parent HTA. This means FRAME or IFRAME are not affected by the the parent window of the containing HTA.
Applies To
FRAME, IFRAME
See Also