Indicates whether the content of the object is an HTML Application (HTA), which is exempt from the security model.


Scripting N/A

Possible Values

bApplication A Boolean that specifies whether the content is trusted or untrusted based on the security model.
Default. Security rules for unsafe content are applied; all content of the frame or iframe is untrusted.
All content of the frame or iframe is trusted.


The APPLICATION attribute can be used only in HTAs.

You can use the APPLICATION attribute to control the content of your documents . For example, you can use the attribute to create an HTA that has one frame to access unsafe content, such as Internet URLs, and another frame to access safe content. You can also use the attribute for cross-domain scripting between HTA-enabled frames.

A nested frame or iframe requires that each container frame is HTA-enabled, so that the innermost frame or iframe is considered safe. For example, an iframe contains a frameset. The iframe has a value of APPLICATION= "yes". Each frame within the frameset qualifies as a nested frame. For the innermost frame to be considered safe, that frame and each parent frame must be declared as APPLICATION= "yes".

HTAs are designed to prevent each untrusted HTML frame and iframe from having script access to the HTA that contains them. In a frame that is not HTA-enabled, the highest-level frame comprises the top window for each frame that it contains. The window. top and window. self are the same for that frame. In addition, an unsafe frame or iframe does not receive a referrer or an opener URL from the parent HTA. This means a frame or an iframe is not affected by the parent window of the container HTA.

Standards Information

There is no public standard that applies to this attribute.

Applies To


See Also

Introduction to HTML Applications (HTAs), HTML Applications Reference