microsoft patents HTML applications

[Agent Johnson]

uuuhhhhhh.....

am i the only one who thinks maybe microsoft shouldn't go looking for ways "...making it possible to bypass the built-in security that browsers offer. ..."

[Tiger Shark]

Agent, Old chap.....

What, exactly, are you referring to here? A nice little link to a story or something would be really nice.....

[MrLinus]

Tiger, I think it's in reference to this:

http://news.com.com/2100-1012_3-5119072.html

Microsoft on Tuesday won a patent for launching a certain kind of HTML application within Windows.

The patent, "Method and apparatus for writing a Windows application in HTML" (Hypertext Markup Language), describes Microsoft's way of opening up HTML applications in a window free of navigation and other interface elements, known as "chrome," and browser security restrictions.

One example of an HTML application at work in Windows is the "Add or Remove Programs" feature in the control panel.

On a page about HTML applications on its Developer Network site, Microsoft described the technique as a way to harness HTML's power while bypassing its network and interface-related restrictions.

"HTML Applications (HTAs) are full-fledged applications," the page reads. "These applications are trusted and display only the menus, icons, toolbars, and title information that the Web developer creates. In short, HTAs pack all the power of Microsoft Internet Explorer--its object model, performance, rendering power, protocol support, and channel-download technology--without enforcing the strict security model and user interface of the browser."

Other interesting versions:

http://news.com.com/2100-1001-984052.html
http://news.zdnet.co.uk/software/dev...9118430,00.htm

[Agent Johnson]

oopsie

http://news.zdnet.co.uk/software/dev...9118430,00.htm

[groovicus]

After reading the articles, I agree with you Agent Johnson. That's just what we need...a way for non programmers to be able to program that bypasses browser security settings...unless I am reading this wrong, or my 2 brain cells are misfiring..what exactly is the benifit here? What am I missing?

[dopeydadwarf]

This relaxed security allows an HTML author to do things such as: read from a user's local computer; write to a user's local computer and perform scripting of frames between domains.

Sounds like they are trying to make software that is easier to exploit. Not that they have been doing a bad job thus far.

The other thought that comes to mind is WTF are they thinking by doing this?

IMHO this is insane.



/edit f1x3d typ0z

[Tiger Shark]

Thanks to both of you......

I have to admit that, with M$'s record on holes.....

In short, HTAs pack all the power of Microsoft Internet Explorer--its object model, performance, rendering power, protocol support, and channel-download technology--without enforcing the strict security model and user interface of the browser

while not new, is a little brazen of them.....

OTOH, if a cracker/virus/malware author uses them to attack M$ in the future they can sue for patent infringement.....

[MrLinus]

OTOH, if a cracker/virus/malware author uses them to attack M$ in the future they can sue for patent infringement.....

Ya. Right. How many malware/virus/crackers do you know that are worth suing?

[Tiger Shark]

Ms. M: LOL..... and hence the at the end.....

But then again, I never said M$ were the sharpest knives in the drawer, maybe they have a plan.....

[dopeydadwarf]

They may not be worth sueing. But if Microsoft is willing to pay $250,00 for the blaster/sobig coders, I am inclined to think they have something up their sleeve.