Bugtraq mailing list archives

Re: [Re: Internet Explorer 5.0 HTML Applications]


From: seanmckay () NETSCAPE NET (McKay)
Date: Thu, 19 Aug 1999 16:19:04 CDT


"Posick, Steve" <steve.posick () ESPN COM> wrote:

Solution
Disable File Downloads or disassociate .HTA files from MSHTA.exe. Disabling
scripting does not stop this, we believe it is due to the fact that the HTA
is already on the local system at the time of execution, thus making it
trusted.

The reason for this can be found in the MSDN.  It specifically
states that HTAs, once run from the local hard drive or executed
from the Internet, are considered completely trusted applications
and not under any security restrictions that IE4>= is under.  In
fact, an HTA could download an arbitrary Java application and run it.
HTAs can be very dangerous if users aren't taught to not run an HTA from
the web or to let it be downloaded to a local hard drive.

McKay
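
A read-only check for the second mitigation quoted above (whether .hta files are still associated with MSHTA.exe), as an added example that is not part of the original message. The function name Get-HtaHandler is hypothetical, and the registry locations are the standard Windows file-association keys, not values taken from the post.

```powershell
# Added example: report which program opens .hta files on this machine.
# Read-only; it changes nothing. Get-HtaHandler is a hypothetical name.
function Get-HtaHandler {
    param([string]$Extension = '.hta')

    # A per-user choice, when present, overrides the machine-wide association.
    $userKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId  = $null
    $source  = 'none'
    if (Test-Path $userKey) {
        $progId = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).ProgId
        if ($progId) { $source = 'UserChoice' }
    }

    # Otherwise the default value of HKCR\<ext> names the ProgID.
    $extKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
    if (-not $progId -and (Test-Path $extKey)) {
        $progId = (Get-Item $extKey).GetValue('')
        if ($progId) { $source = 'HKCR' }
    }

    # The ProgID's shell\open\command default value is the command line run on open.
    $command = $null
    if ($progId) {
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        if (Test-Path $cmdKey) { $command = (Get-Item $cmdKey).GetValue('') }
    }

    [pscustomobject]@{
        Extension = $Extension
        Source    = $source
        ProgId    = $progId
        Command   = $command
        # True means opening an .hta file still launches mshta.exe.
        UsesMshta = [bool]($command -match '(?i)\bmshta(\.exe)?\b')
    }
}

Get-HtaHandler | Format-List
```

UsesMshta reporting False with an empty or non-mshta Command indicates the association has been removed or redirected for the account the check runs under.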
