Indicates whether the content of the object is an HTML Application (HTA) and, therefore, exempt from the browser security model.
Syntax
HTML |
<ELEMENT APPLICATION=bApplication ... >
|
---|
Scripting | N/A |
---|
Possible Values
bApplication | Boolean that specifies whether the content is trusted or untrusted based on the browser security model.no | Default. Browser security rules for unsafe content are applied; thus, all content of the frame or iframe is untrusted. | yes | All content of the frame or iframe is trusted. |
|
Remarks
The APPLICATION attribute can be used only in HTAs.
You can use the APPLICATION attribute to control the content of your Web pages. For example, you can use the attribute to create an HTA that has one frame that accesses unsafe content, such as Internet URLs, and another frame that accesses safe content. You can also use the attribute for cross-domain scripting between HTA-enabled frames.
A nested frame or iframe requires each container frame to be HTA-enabled (for example, APPLICATION="yes") for the innermost frame or iframe to accept the value of APPLICATION="yes". Take, for instance, an iframe that contains a frameset. Each frame within the frameset qualifies as being nested. For the innermost frame to be considered safe, it and each parent frame must be declared as APPLICATION="yes".
HTAs are designed to prevent each untrusted HTML frame and iframe from having script access to the HTA that contains them. In the case of a non-HTA-enabled frame, the highest-level frame comprises the top window for each frame that it contains. The window.top and window.self are the same for that frame. In addition, an unsafe frame or iframe receives neither a referrer nor an opener URL from the parent HTA. This means frame or iframe is not affected by the parent window of the containing HTA.
Standards Information
There is no public standard that applies to this attribute.
Applies To
See Also
Introduction to HTML Applications (HTAs), HTML Applications Reference