Dynamic HTML in Action

HTML Applications (HTAs) offer a cool new technology supported in Internet Explorer 5 on 32-bit Windows platforms only. An HTA is a Web page or set of pages that appear and behave more like a traditional application than like a Web page. The most basic type of HTA can be created simply by changing the filename extension of a traditional Web page from HTM or HTML to HTA. Double-clicking on such a file will cause it to open in a window that looks like a standard application, without the toolbar and navigation buttons found in Internet Explorer.

A more advanced way of creating HTAs is to use the <HTA:APPLICATION> tag inside the head of an HTA file. This approach allows a great deal of control over the appearance of the application window. The following bit of code demonstrates the use of the <HTA:APPLICATION> tag, along with some of the properties that can be used to modify the window.

<HTA:APPLICATION ID="oHTA" APPLICATIONNAME="DemoApp" BORDER="thick" CAPTION="yes" SHOWINTASKBAR="yes" SYSMENU="no" WINDOWSTATE="normal">

Table 22-2 gives a more in-depth view of some of the special properties that can be used in HTA tags.

Table 22-2 Special Properties Used in HTA Files

Name Description
applicationName Sets the name of the HTA. This name is specific to the HTA and makes it possible to determine whether the HTA is running, regardless of the URL used to launch it.
border Sets the type of border to use. It can be thick (the default), thin, none, or dialog.
borderStyle Sets the appearance of the border. It can be normal (the default), complex, raised, static, and sunken.
caption Sets whether a title bar is displayed. Default value is yes.
commandLine Read-only property that contains the path necessary to launch the HTA from the command prompt.
icon A URL for an icon to use for the HTA. The icon should be a standard 32 by 32 pixel ICO file.
maximizeButton Sets whether a maximize button is displayed. Default value is yes.
minimizeButton Sets whether a minimize button is displayed. Default value is yes.
showInTaskbar Sets whether the HTA is displayed in the Windows "taskbar" and in the ALT-TAB list. Default value is yes.
singleInstance Sets whether multiple copies of the application can be run simultaneously. Default value is no.
sysMenu Sets whether a system menu (the menu that appears when the title bar is right clicked) is enabled. Default value is yes.
version Sets a version number for the application.
windowState Sets the initial size of the HTA window. It can be normal, minimize, or maximize.

DemoApp.hta, shown below, is a sample HTA that is illustrated in Figure 22-7. (DemoApp.hta is included in the chap22 folder on the companion CD.)

<HTML> <HEAD> <TITLE>DemoApp</TITLE> <HTA:APPLICATION ID="oHTA" APPLICATIONNAME="DemoApp" BORDER="thick" CAPTION="yes" SHOWINTASKBAR="yes" MAXIMIZEBUTTON="yes" MINIMIZEBUTTON="yes" WINDOWSTATE="normal"> </HEAD> <BODY> This is a basic HTML application. </BODY> </HTML>

Figure 22-7. A very basic HTML Application.

HTA Security

HTAs have different security restrictions than conventional Web pages. When an HTA is first downloaded, the user is asked whether it is to be trusted. If so, the user will not be asked to approve any other functionality of the HTA. This procedure is analogous to a traditional program, in which once a user has installed an application the application is given full access to the system's resources.

When an HTA has been loaded and approved, it is given access to many functions that are normally restricted. For example, HTA files have read/write access to the file system and the registry of the client's machine. HTAs can also use Internet Explorer command identifiers to do everything from changing the justification of a block of text to using the built-in Find command to locate and highlight text. Learn more about command identifiers from the SBN Workshop. On the companion CD see DHTML, HTML, & CSS; DHTML References; Command Identifiers. If your HTA contains FRAMEs or IFRAMEs that you do not control and that are not secure (for example, one frame might be intended to browse the Internet), you should force that frame to be bound by the standard security restrictions. You can accomplish this by setting the TRUSTED attribute of that FRAME or IFRAME to no—for example, <IFRAME SRC="somewhereElse.htm" TRUSTED="no">.

Категории