Parameter passing

Posted on 1997-04-03
Last Modified: 2013-11-18
I'm building a testing/training application in HTML, to be displayed using MSIE.  All the files are local (i.e., I'm using MSIE/HTML as my engine, but nothing's actually going across the net).  I need to call a testing app from my HTML, and pass it a parameter.  Calling the app is easy, using
HREF = "c:\\......tester.exe".  

However, I can't find a way to pass the app a command line parameter.  I've tried HREF = "...tester.exe?parameter" and HREF = "...tester.exe parameter" to no avail.

tester.exe is a small Visual C++ app.  Calling it from the Win95 run command with a parameter (e.g.  tester.exe  parameter)  works fine.

Thanks for your help.

I'm giving this 100 points, although I suspect that it is either very easy, or fairly difficult.
Question by:guillebeau
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 1835986
Calling an .exe from within a browser (using an HTML document) is really strange. This is probably MSIE specific and it is probably related to serious bugs inside MSIE that create security problems. You may use it locally for a while but you should not build any serious application this way. You should think about a different solution because:
1) "c:\\...something.exe" is not valid URL, therefore also your document cannot be valid (validated).
2) Microsoft will probably try to remove security holes in MSIE in future and your application may stop to work, because it is highly probable that they will remove the feature you want to use.
3) The HTML 3.2 standard was released in January and it is highly probable that next versions of clients will try to follow the standard because it defines many common features of the "de facto" HTML standards created by Microsoft, Netscape, and by others. The 3.2 will does not allow things like those you try to use. Nor the previous standards did.

To summarize: you may be a successfull hacker for the near future, but you may be wasting energy for later future as the solution may stop to work.


Author Comment

ID: 1835987
This answer offers me no help, and is wrong on several technical

Accessing an .exe from a local web page may be strange, but it is not MSIE specific.  Both MSIE and Netscape allow access to
a local file, which is handled by your helper app. An example is an .avi file, which kicks off whatever version of avi viewer your system (Win95, in my case) has configured.

If referencing an .exe from within my HTML is poor form or dangerous, I'd like a suggestion on how best to approach this.  My fundamental problem is that I want to display info using HTML with MSIE, then execute an app to perform a test and report back.  Getting the info back to the user is easy (the app constructs an HTML page and passes it back), but I need a simple way to pass small bits of info from the HTML to the app.

If this is a more difficult problem than I anticipated, I will be happy to increase the points, if another expert feels this is warranted.

Thanks for looking at this.

Expert Comment

ID: 1835988
OK, now both we know our positions better than before. I am going to suggest you the solution. But firstly, I want to make clear the things from my previous answer and your comment.

1) If you can type <a href="c:\\some\\path\\pgm.exe">click here</a> (exactly this way) and if the browser launched the program then something is VERY WRONG because you could offer the user the document with a link like: <a href="c:\\windows\\command\\">click here and don't worry</a> (or you can use similar dangerous system program) -- THIS means the security hole. I almost never read the source of a document to check what will happen when I click a link. Nobody does. Because of this, the browser must ensure that it is NOT POSSIBLE to do such things.

2) Launching the exe and accessing a local document is a completely different story. HTML defines protocol for accessing a local file: <a href="file://c|/path/to/the/somefile.ext">click</a> where the "file:" is written literally and it defines that the protocol for accessing the local document should be used. Notice that the colon after "c" is replaced by bar, because the colon char is used for other purposes in valid URLs.

3) The difference from launching an .exe and .avi is that runnig the exe means to launch independent application which cannot be further controled by the browser. To launch avi means that the BROWSER starts to interpret the avi. This do not start whatever viewer but some specific extension of the browser. If you look into Help - About Netscape..., you can find there "Contains QuickTime(TM} plug-in software developed by Apple Computer, Inc." -- this is the extension for interpreting avi (probably something similar is used in MSIE). In other words, plug-in is a well designed extension of the browser (from the security point of view) that do ensure that nothing wrong will happen with the system. The same way the Java interpreter is built in.

The point 3) is the answer to your question "how should I do it". If you want to be correct and if you do not have a WWW server, you have to write your own plug-in that will replace the functionality of the CGI script which would run on WWW server. The difference is that the CGI is bound to the server while the plug-in is bound to the client. If your program can do only secure things then it is a correct solution. But you have to INSTALL the plug-in to all browsers before it is used for your application. The instalation of the plug-in is the action when the user accepts the possibility that his/her browser capabilities were extended by presumably secure piece of software. However, the plug-in cannot be secure when it allows you to execute whatever program (then you still can do things like "").

I am not an expert in writing plug-ins (this was not a question), but I assume that it may be more difficult than to run a WWW server and write a CGI script, because you must write the plug-in for more browsers and possibly for more platforms while the problems with security in CGI and plug-ins are comparable.
  I positively know that it is possible to write a plug-it which works with both MSIE and Netscape (for example Xara's plug-in for displaying vector images inside your document is freely available at and they say it works with both browsers).
  I still think that running a WWW server on one old computer in your LAN will bring you fewer problems. Then you can solve the problem using CGI scripts -- you can find many information about how to write them.
  Another (standard) solution is to build the application that has nothing to do with an HTML browser.

See you, Petr
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 1835989

Thanks for your comments, but I don't think we're making much progress here.  Perhaps I haven't been clear with my question.  
My application will not run on a network of any kind.  It will be on a laptop computer that a soldier will take to the field to work on equipment.  This will give him an interactive training manual, with builtin testing applications.  I'm using HTML/MSIE because of their ability to display graphics, video, hyperlinks, etc, and their well-known user interfaces.

At this point, I know I can execute the .exe from either MSIE or Netscape.  The question is, how can I pass that exe a parameter?

The actual line that Claris Home Page generates when I tell it to build a link to a file is as follows:

<P><A HREF="/C:/SEDMlrs/boom/tester/Release/tester.exe">

This works.  I understand your objections, but MSIE gives me a message box labelled Authenticode Security Technology, warning me that the application has not been authenticated, and asks if I want to continue.  Netscape does much the same thing, unless I register the exe file with it.  BTW, when I changed the above line to HREF= "file://c|... at your suggestion, it had no effect in MSIE, and refused to do anything in Netscape.

Thanks for trying,  but I'm not interested in continueing to argue with you about whether I can do what I'm already doing.  Please let someone else take a shot at this.  

Accepted Solution

Christian_Wenz earned 100 total points
ID: 1835990

I try to look at the problem from  another angle:
I assume you know the parameter that has to be added to the command line.
How about writing an _easy_ plugin? Give the EXE another extension, let's say .ABC; then, define a viewer for that kind of application, and may it be a simple program that does the following:

1) renaming NAME.ABC to NAME.EXE

May this help you?


Author Comment

ID: 1835991
Thanks,  Christian.
Your advice solved my problem.

Mike Guillebeau

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Building a website can seem like a daunting task to the uninitiated but it really only requires knowledge of two basic languages: HTML and CSS.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question