- This article refers to Microsoft's proprietary HTA implementation. For information regarding the HTML5 Cache Manifest, also referred to as offline HTML applications, please see Cache manifest in HTML5.
|Internet media type|
An HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the internet browser security model; in fact, it executes as a "fully trusted" application.
The usual file extension of an HTA is
HTAs give the developer the features of HTML together with the advantages of scripting languages. They are popular with Microsoft system administrators who use them for system administration from prototypes to "full-scale" applications, especially where flexibility and speed of development are critical.
An HTA is executed using the program
mshta.exe, or, alternatively, double-clicking on the file. This program is typically installed along with Internet Explorer.
mshta.exe executes the HTA by instantiating the Internet Explorer rendering engine (mshtml) as well as any required language engines (such as vbscript.dll).
An HTA is treated like any executable file with extension
.exe. When executed via mshta.exe (or if the file icon is double-clicked), it runs immediately. When executed remotely via the browser, the user is asked once, before the HTA is downloaded, whether or not to save or run the application; if saved, it can simply be run on demand after that.
By default, HTAs are rendered as per "standards-mode content in IE7 Standards mode and quirks mode content in IE5 (Quirks) mode", but this can be altered using
HTAs are fully supported in Internet Explorer from versions 5 to 9. Further versions, such as 10 and 11, still support HTAs though with some minor features turned off.
When a regular HTML file is executed, the execution is confined to the security model of the web browser, that is, it is confined to communicating with the server, manipulating the page's object model (usually to validate forms and/or create interesting visual effects) and reading or writing cookies.
On the other hand, an HTA runs as a fully trusted application and therefore has more privileges than a normal HTML file; for example, an HTA can create, edit and remove files and registry entries. Although HTAs run in this 'trusted' environment, querying Active Directory can be subject to Internet Explorer Zone logic and associated error messages.
To customize the appearance of an HTA, an optional tag
hta:application was introduced to the
HEAD section. This tag exposes a set of attributes that enable control of border style, the program icon, etc., and provide information such as the argument (command line) used to launch the HTA. Otherwise, an HTA has the same format as an HTML page.
An existing HTML file (with file extension
.html, for example) can be changed to an HTA by simply changing the extension to
This is an example of Hello World as an HTML Application.
<HTML> <HEAD> <HTA:APPLICATION ID="HelloExample" BORDER="thick" BORDERSTYLE="complex"/> <TITLE>HTA - Hello World</TITLE> </HEAD> <BODY> <H2>HTA - Hello World</H2> </BODY> </HTML>
- Active Scripting
- Chromium Embedded Framework
- Electron (software framework)
- Firefox OS
- XAML Browser Applications (XBAPs)
- XUL and XULRunner - a language and environment for Mozilla cross-platform applications that resembles the mechanism of HTML Applications.
- Apache Cordova
- Article ID:200874 in Microsoft Support, in Microsoft Support Knowledge Base
- Microsoft wins HTML application patent
- "Introduction to HTML Applications (HTAs)". Microsft MSDN. May 2011. Retrieved 24 June 2016. Sections include Why Use HTAs, Creating an HTA, HTA-Specific Functionality, Security, Compatibility, Deployment
- HTA:APPLICATION Object, in MSDN Library, the complete specification of the tag
- HTA Helpomatic
- HTAEdit, an editor for HTAs with a built-in debugger
- "Spora Ransomware Dropper Uses HTA to Infect System". VMRay. 2017-01-17. Retrieved 2018-12-22.
- "8 Scariest Ransomware Viruses". Retrieved 2018-12-22.
- HTML Component (HTC) Reference at MSDN. An HTC encapsulates specific functionality or behavior within HTAs.
- The Script Center, The Script Center, home of Hey, Scripting Guy! Blog
- Learn About Scripting for HTML Applications (HTAs), a tutorial site for learning about HTA's