 | ||
|
| ||
| ||
|
| ||
Loren Kohnfelder
Microsoft Corporation
Updated March 18, 1999 Posted November 4, 1998
The following article was originally published in Site Builder Magazine (now known as MSDN Online Voices).
Internet Explorer 5 introduces HTML Applications (HTA). They allow you to use the same Dynamic HTML technology (DHTML) "out of the browser" to write standalone applications. With HTA you can write an application the same way you write a Web page with DHTML and script, or you can take content originally authored for the Web and turn it into an application.
Being "out of the browser" means that HTAs differ from Web pages in two important ways:
You can use HTAs to author a wide range of applications. Here are a few of the most common scenarios for which HTAs provide an excellent solution:
The best way to understand how an HTA works is to actually write one:
<HTML> <HEAD> <TITLE>Simple HTML Application</TITLE> </HEAD> <BODY> This is a simple HTML Application. <BR> <BUTTON onclick="self.close()">Exit</BUTTON> </BODY> </HTML>
Here's how this simple HTA looks (you must be using Internet Explorer 5 or Internet Explorer 4.0 to view this sample).
This sample code is a simple HTML page: Giving it the file extension *.hta is what makes this an HTML application. Launch the .hta file to start the application. The <TITLE> "Simple HTML Application" becomes the application window title, the window content area is the text of the <BODY>, and the <BUTTON> labeled "Exit" is defined as an HTML button.
This application contains an exit button because the application is running without the user interface that the browser provides for Web pages.
This simplest of examples demonstrates how an HTML page can be turned into an HTA application. Anything you can do with DHTML and script in the browser will work within the HTA application window-content area.
While HTA is, for the most part, an extension of the same DHTML functionality you use to author great Web content, there are a few features specific to the needs of an application that are implemented using the <HTA:APPLICATION> tag. By using this tag, you can specify an icon for the application, control the window caption and border, and so forth.
The application tag should appear in the <HEAD> section and consist of a few attribute declarations that customize the appearance and features of the application window. In the example above, the following tag inserted below <HEAD> specifies an icon for the application, and that the window should have no system menu.
<HTA:APPLICATION ICON=simple.ico sysMenu=no>
The MSDN Online Web Workshop has full details on features that may be specified for the <HTA:APPLICATION> tag.
Since HTAs run as fully trusted applications, certain security precautions are necessary when HTAs use Web content that is not equally trusted. While the HTA is free of all security restrictions, it is important to maintain the usual Web-security constraints for untrusted content within the HTA (as determined by the zone settings for the particular Web page). Thus, for security purposes, a frame containing HTML within an HTA is treated exactly as it is within the browser.
On the other hand, in some cases a frame might actually be a functional part of the HTA -- in which case it needs to be able to interact and do all the same things that the HTA itself can do. For instance, if you wrote a wizard HTA, it might be convenient to have an outer framework, with title and forward/back buttons, and an inner frame that defined the content for individual panes of the wizard. These frames would need to work as part of the HTA, and, of course, only appropriate and trustworthy content would be put into the frame -- certainly not content from any URL whatsoever.
The HTA container page defines which frames are, and are not, trusted by use of a special attribute on the <FRAME> or <IFRAME> tag that is unique to HTAs. By specifying TRUSTED=YES, the HTA infers all of its privileges upon the content it navigates into the frame. Absent this attribute or with TRUSTED=NO, the frame content is handled just like HTML in the browser. Since only HTAs can declare a TRUSTED attribute (which is ignored for HTML within the browser), it is impossible for untrusted content to assert trust it does not have.
Believe it or not, this short article has introduced you to all of the basic features that are particular to HTML Applications. The DHTML platform provides the additional rich functionality you need to make compelling real-world applications with HTAs.
Once you have a great HTA, you will need to deliver it to users. As with Web content, there are a number of approaches to choose from. Basically, HTAs can either be installed as files on the machine, just as other applications are, or HTAs may be downloaded from the Web.
Installing HTA files on a machine can be done in the same way as the files that constitute any applications: copy the files from a disk or network, by means of any installer tool or self-extracting executable file. The HTA will run when launched from a shell folder, from a link in the Start menu, or from a command line, and so forth.
Alternatively, HTAs may also be downloaded over HTTP or HTTPS just as Web pages are. Downloading allows a single copy of the HTA, maintained on the server, to be used by a large number of clients, which don't have to explicitly install the HTA on each machine. Further, the latest updated versions on the server will be propagated to the clients as needed with each download.
The advantages of downloading need to considered against some possible disadvantages that may or may not be significant, depending on the user's requirements. First, downloaded applications can only be used when the client machine is connected to the network: if users need to use the HTA while offline, installing the files may be the best choice. Second, there is an issue of security and trust: just as the user needs to choose whether or not to run or save an executable file downloaded over the Web, the same decision needs to be made for any HTA every time it is downloaded. (Since HTAs are trusted applications, it would be unsafe to allow any Web page to download and run any HTA without the user's consent.)
Hybrid combinations of installed files and downloaded content can, in some cases, be a good compromise as a delivery mechanism for HTAs. Since all images, subframes, and components of HTAs may be designated by any URL, it is possible to install just the HTA file on the client machine and have all the other pieces delivered as needed via HTTP. Since the HTA file is installed it can be launched without additional warnings to the user; once running, the HTA can dynamically pull down other pieces over the Web as needed and be guaranteed to always get the latest updated content from the server.
Built of the same stuff that powers the Web -- DHTML technologies - HTAs can be deployed like standalone applications, like Web pages, or as a hybrid of both.
Loren Kohnfelder is a program manager on the Internet Explorer team.
Did you find this material useful? Gripes? Compliments? Suggestions for other articles? Write us!
© 1999 Microsoft Corporation. All rights reserved. Terms of use.
Back to top