Parameter passing

guillebeau asked
Medium Priority
Last Modified: 2013-11-18
I'm building a testing/training application in HTML, to be displayed using MSIE.  All the files are local (i.e., I'm using MSIE/HTML as my engine, but nothing's actually going across the net).  I need to call a testing app from my HTML, and pass it a parameter.  Calling the app is easy, using
HREF = "c:\\......tester.exe".  

However, I can't find a way to pass the app a command line parameter.  I've tried HREF = "...tester.exe?parameter" and HREF = "...tester.exe parameter" to no avail.

tester.exe is a small Visual C++ app.  Calling it from the Win95 run command with a parameter (e.g.  tester.exe  parameter)  works fine.

Thanks for your help.

I'm giving this 100 points, although I suspect that it is either very easy, or fairly difficult.

Calling an .exe from within a browser (using an HTML document) is really strange. This is probably MSIE specific and it is probably related to serious bugs inside MSIE that create security problems. You may use it locally for a while but you should not build any serious application this way. You should think about a different solution because:
1) "c:\\...something.exe" is not valid URL, therefore also your document cannot be valid (validated).
2) Microsoft will probably try to remove security holes in MSIE in future and your application may stop working, because it is highly probable that they will remove the feature you want to use.
3) The HTML 3.2 standard was released in January and it is highly probable that next versions of clients will try to follow the standard because it defines many common features of the "de facto" HTML standards created by Microsoft, Netscape, and by others. The 3.2 does not allow things like those you try to use. Nor did the previous standards.

To summarize: you may be a successful hacker for the near future, but you may be wasting energy for the later future as the solution may stop working.



This answer offers me no help, and is wrong on several technical

Accessing an .exe from a local web page may be strange, but it is not MSIE specific.  Both MSIE and Netscape allow access to a local file, which is handled by your helper app. An example is an .avi file, which kicks off whatever version of avi viewer your system (Win95, in my case) has configured.

If referencing an .exe from within my HTML is poor form or dangerous, I'd like a suggestion on how best to approach this.  My fundamental problem is that I want to display info using HTML with MSIE, then execute an app to perform a test and report back.  Getting the info back to the user is easy (the app constructs an HTML page and passes it back), but I need a simple way to pass small bits of info from the HTML to the app.

If this is a more difficult problem than I anticipated, I will be happy to increase the points, if another expert feels this is warranted.

Thanks for looking at this.

OK, now we both know our positions better than before. I am going to suggest the solution to you. But first, I want to make clear the things from my previous answer and your comment.

1) If you can type <a href="c:\\some\\path\\pgm.exe">click here</a> (exactly this way) and if the browser launched the program then something is VERY WRONG because you could offer the user the document with a link like: <a href="c:\\windows\\command\\format.com?c:">click here and don't worry</a> (or you can use similar dangerous system program) -- THIS means the security hole. I almost never read the source of a document to check what will happen when I click a link. Nobody does. Because of this, the browser must ensure that it is NOT POSSIBLE to do such things.

2) Launching the exe and accessing a local document is a completely different story. HTML defines protocol for accessing a local file: <a href="file://c|/path/to/the/somefile.ext">click</a> where the "file:" is written literally and it defines that the protocol for accessing the local document should be used. Notice that the colon after "c" is replaced by bar, because the colon char is used for other purposes in valid URLs.

3) The difference from launching an .exe and .avi is that running the exe means to launch an independent application which cannot be further controlled by the browser. To launch avi means that the BROWSER starts to interpret the avi. This does not start whatever viewer but some specific extension of the browser. If you look into Help - About Netscape..., you can find there "Contains QuickTime(TM) plug-in software developed by Apple Computer, Inc." -- this is the extension for interpreting avi (probably something similar is used in MSIE). In other words, plug-in is a well designed extension of the browser (from the security point of view) that does ensure that nothing wrong will happen with the system. The same way the Java interpreter is built in.

The point 3) is the answer to your question "how should I do it". If you want to be correct and if you do not have a WWW server, you have to write your own plug-in that will replace the functionality of the CGI script which would run on WWW server. The difference is that the CGI is bound to the server while the plug-in is bound to the client. If your program can do only secure things then it is a correct solution. But you have to INSTALL the plug-in to all browsers before it is used for your application. The installation of the plug-in is the action when the user accepts the possibility that his/her browser capabilities were extended by presumably secure piece of software. However, the plug-in cannot be secure when it allows you to execute whatever program (then you still can do things like "format.com").

I am not an expert in writing plug-ins (this was not a question), but I assume that it may be more difficult than to run a WWW server and write a CGI script, because you must write the plug-in for more browsers and possibly for more platforms while the problems with security in CGI and plug-ins are comparable.
  I positively know that it is possible to write a plug-in which works with both MSIE and Netscape (for example Xara's plug-in for displaying vector images inside your document is freely available at http://www.xara.com/corelxara/plugin.html and they say it works with both browsers).
  I still think that running a WWW server on one old computer in your LAN will bring you fewer problems. Then you can solve the problem using CGI scripts -- you can find much information about how to write them.
  Another (standard) solution is to build the application that has nothing to do with an HTML browser.

See you, Petr



Thanks for your comments, but I don't think we're making much progress here.  Perhaps I haven't been clear with my question.  
My application will not run on a network of any kind.  It will be on a laptop computer that a soldier will take to the field to work on equipment.  This will give him an interactive training manual, with built-in testing applications.  I'm using HTML/MSIE because of their ability to display graphics, video, hyperlinks, etc, and their well-known user interfaces.

At this point, I know I can execute the .exe from either MSIE or Netscape.  The question is, how can I pass that exe a parameter?

The actual line that Claris Home Page generates when I tell it to build a link to a file is as follows:

<P><A HREF="/C:/SEDMlrs/boom/tester/Release/tester.exe">

This works.  I understand your objections, but MSIE gives me a message box labelled Authenticode Security Technology, warning me that the application has not been authenticated, and asks if I want to continue.  Netscape does much the same thing, unless I register the exe file with it.  BTW, when I changed the above line to HREF= "file://c|... at your suggestion, it had no effect in MSIE, and refused to do anything in Netscape.

Thanks for trying,  but I'm not interested in continuing to argue with you about whether I can do what I'm already doing.  Please let someone else take a shot at this.  

I try to look at the problem from  another angle:
I assume you know the parameter that has to be added to the command line.
How about writing an _easy_ plugin? Give the EXE another extension, let's say .ABC; then, define a viewer for that kind of application, and may it be a simple program that does the following:

1) renaming NAME.ABC to NAME.EXE

May this help you?
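
An added example, not part of the original thread or of any poster's code: a minimal helper application of the kind suggested above, written so that it avoids the problem raised earlier in the thread (a launcher that will execute whatever program a link names). The `.abc` descriptor format, the `test=` key and the parameter pattern are assumptions made for illustration; the tester path is the one quoted in the question.

```python
import re
import subprocess
import sys

# Fixed target: the only program this helper will ever start (path quoted in the thread).
TESTER = r"C:\SEDMlrs\boom\tester\Release\tester.exe"

# Hypothetical descriptor format for the ".abc" file the link points at:
# a single "test=<name>" line. Anything else in the file is rejected.
ALLOWED_KEYS = {"test"}
# Must start with a letter or digit, so it can never look like a -switch or /switch;
# no spaces, quotes, colons or path separators.
PARAM_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")


def build_command(descriptor_text):
    """Turn descriptor text into an argv list, or raise ValueError."""
    params = {}
    for raw in descriptor_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or key not in ALLOWED_KEYS or key in params:
            raise ValueError(f"unexpected descriptor line: {line!r}")
        if not PARAM_RE.fullmatch(value):
            raise ValueError(f"rejected parameter value: {value!r}")
        params[key] = value
    if "test" not in params:
        raise ValueError("descriptor has no test= line")
    # The descriptor never chooses the executable; it only supplies one vetted argument.
    return [TESTER, params["test"]]


def launch(descriptor_path):
    with open(descriptor_path, encoding="ascii") as fh:
        argv = build_command(fh.read(4096))  # small cap: descriptors are tiny
    # argv list with shell=False: the value is one argument, never parsed by a shell.
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    try:
        sys.exit(launch(sys.argv[1]))
    except (IndexError, OSError, ValueError) as exc:
        sys.exit(f"launcher refused: {exc}")
```

Registered as the viewer for `.abc` files, the helper receives the descriptor path as its first argument; a page can then vary the test by linking to different descriptor files, while the executable itself stays fixed in the helper.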




Thanks,  Christian.
Your advice solved my problem.

Mike Guillebeau