MHTML

MHTML

Filename extension	.mht, .mhtml
Internet media type	multipart/related application/x-mimearchive message/rfc822
Type of format	Markup language
Extended from	HTML
Standard	RFC 2557 (proposed 1999)

MHTML, an initialism of "MIME encapsulation of aggregate HTML documents", is a web archiving file format used to combine, in a single computer file, the HTML code and its companion resources (such as images) that are represented by external hyperlinks in the web page's HTML code. The content of an MHTML file is encoded using the same techniques that were first developed for HTML email messages, using the MIME content type multipart/related. ^[1] MHTML files use an .mhtml or .mht filename extension.

The first part of the file is an e-mail header. The second part is normally HTML code. Subsequent parts are additional resources identified by their original uniform resource locators (URLs) and encoded in base64 binary-to-text encoding. MHTML was proposed as an open standard, then circulated in a revised edition in 1999 as RFC 2557.

The .mhtml and .eml filename extensions are interchangeable: either filename extension can be changed from one to the other. An .eml message can be sent by e-mail, and it can be displayed by an email client. An email message can be saved using a .mhtml or .mht filename extension and then opened for display in a web browser or for editing other programs, including word processors and text editors.

Layout

The header of an MHTML file contains metadata such as a date and time stamp, page title, the source URL, and a unique randomized boundary string for separating resources contained within the file. The boundary string is defined at the beginning and used throughout the file.

From:<SavedbyBlink> Snapshot-Content-Location:https://en.wikipedia.org/wiki/Smartphone Subject:Smartphone-Wikipedia Date:Sat, 24 Sep 2022 00:34:32 -0000MIME-Version:1.0 Content-Type:multipart/related; type="text/html"; boundary="----MultipartBoundary--GsIBda0vjy2AKIAIliwl7JMwezXDRjDAsLje9khd5l----"

Then, the page resources are contained sequentially, starting with the page's rendered HTML source code. Each resource has its own metadata header which specifies its MIME type and the original location.

------MultipartBoundary--GsIBda0vjy2AKIAIliwl7JMwezXDRjDAsLje9khd5l----Content-Type:text/htmlContent-ID:<frame-D968CEC8BB7E60A1859261A8CA5DFB4D@mhtml.blink>Content-Transfer-Encoding:binaryContent-Location:https://en.wikipedia.org/wiki/Smartphone  <!DOCTYPE html>

The MHTML file ends with a boundary string that is not followed by any data. ^[2]

MIME type

MIME type for MHTML is not well agreed upon. Used MIME types include:

• multipart/related
• application/x-mimearchive
• message/rfc822

Supporting apps

Web browsers

Some browsers support the MHTML format, either directly or through third-party extensions, but the process for saving a web page along with its resources as an MHTML file is not standardized. Due to this, a web page saved as an MHTML file using one browser may render differently on another.

• Internet Explorer 5 was the first browser to support reading and saving web pages and external resources to a single MHTML file.
• Microsoft Edge , after switching to the Chromium source code, supports saving web pages as MHTML.
• Opera: Support for saving web pages as MHTML files was made available in the Opera 9.0 web browser. ^[3] From Opera 9.50 through the rest of the Presto-based Opera product line (version 12.16 as of 19 July 2013), the default format for saving pages is MHTML. The initial release of the new Webkit/Blink-based Opera (version 15) did not support MHTML, but subsequent releases (16 and later) do. MHTML can be enabled by typing "opera://flags#save-page-as-mhtml" at the address bar.
• Google Chrome 86 and later can create MHTML files.
• Yandex Browser 22.7.4.960 (July 2022) and later can create MHTML (multipart/related) files.
• Vivaldi 2.3 and later can create MHTML files. ^[4] It supports both reading and writing MHTML files by toggling the "vivaldi://flags/#save-page-as-mhtml" option.
• Firefox does not support MHTML. ^[5] Until version 57 ("Firefox Quantum"), two browser extension, Mozilla Archive Format or UnMHT, could read and write MHTML files. These extensions are incompatible with version 57 and later.
• Safari 3.1.1 and later terminated native support for the MHTML format. Instead, the browser supports the Web Archive format. The macOS version includes a print-to-PDF feature. As with most other modern web browsers, support for MHTML files can be added to Safari via various third-party extensions.
• Konqueror 3.5.7 and later terminated support for MHTML files. An extension project, mhtconv, can be used to allow saving and viewing of MHTML files.
• NetFront 3.4 (on devices such as the Sony Ericsson K850) can view and save MHTML files.
• Pale Moon requires an extension to be installed to read and write MHT files. One extension is freely available, MozArchiver, a fork of Mozilla Archive Format extension.
• GNOME Web added support for read and save web pages in MHTML since version 3.14.1 released in September 2014. ^[6]

Other apps

• Problem Steps Recorder for Windows can save its output to MHT format.
• The "Save to Google Drive" extension for Google Chrome can save as MHTML as one of its outputs.
• Microsoft OneNote 2010 and later can email individual pages as .mht files.
• Evernote for Windows can export notes as MHT format, as an alternative to HTML or its own native .enex format.

Exploits

In May 2015, a researcher noted that attackers could build malicious documents by creating an MHT file, appending an MSO object at the end (MSO is a file format used by the Microsoft Outlook e-mail application), and renaming the resulting file with a .doc extension. ^[7] The delivery method would be by spam emails. ^[8]

In April 2019, a security researcher published details about an XML external entity (XXE) vulnerability that could be exploited when a user opens an MHT file. Since the Windows operating system is set to automatically open all MHT files, by default, in Internet Explorer, the exploit could be triggered when a user double-clicked on a file that they received via email, instant messaging, or another vector, including a different browser. ^[9]

Alternatives

data URI scheme

The data URI scheme offers an alternative for including separate elements such as images, style-sheets and scripts in-line when serving an HTML request or saving an HTML resource for offline use. Like the embedded content within MHTML, data URIs use Base64 encoding of the external resources (which may be binary or text) to embed them in-line within the HTML markup. HTML pages saved with external elements embedded using the data URI scheme are standard web pages, and can be opened by any modern browser, including browsers not supporting MHTML such as Mozilla Firefox. ^[10] Unlike MHTML, saving web pages with their external resources embedded using data URIs requires a third-party extension to be installed in the browser. ^[11]

Mozilla Archive Format

The Mozilla Archive Format (MAFF) is a legacy Web archive file format that was supported by Firefox from 2004 to 2018 through an add-on. ^[12] Unlike both MHTML and data URIs, MAFF uses a ZIP container to preserve both the HTML file and its external elements. In October 2017 the add-on developer announced the format would no longer be supported in future versions of Firefox. ^[13]

See also

• data URI scheme
• Mozilla Archive Format
• Web Archive format
• WARC format

References

1. Holden, Amanda. "Difference of HTML & MHTML". Archived from the original on 17 November 2017. Retrieved 17 November 2017.
2. "2. The MHTML File Format - Hunchly Knowledge Base". support.hunch.ly. October 17, 2018. Retrieved 24 September 2022.
3. Santambrogio, Claudio (10 March 2006). "…and one more weekly!". Opera Software. Archived from the original on 15 January 2010. Retrieved 2009-05-15.
4. février 6, Publié sur; Tetzchner, 2019-Par Jon von (2019-02-06). "Vivaldi Update | Auto-Stacking Tabs". Vivaldi (in French). Retrieved 2019-05-16.
5. "Bug 40873 - Save as rfc 2557 MHTML; complete webpage in one file".
6. "NEWS · master · GNOME / Epiphany". 28 July 2023.
7. Kovacs, Eduard (May 11, 2015). "Attackers Hide Malicious Macros in MHTML Documents". SecurityWeek.Com. Retrieved April 19, 2019.
8. Mosuela, Lordian (July 10, 2015). "New Tricks of Macro Malware". Cyren. Retrieved April 19, 2019.
9. Cimpanu, Catalin (April 12, 2019). "Internet Explorer zero-day lets hackers steal files from Windows PCs". ZDNet . Retrieved April 19, 2019.
10. "Data URLs - HTTP". MDN. Retrieved April 2, 2023.
11. Brinkmann, Martin (September 3, 2018). "Save any webpage as a single file in Chrome or Firefox - gHacks Tech News". ghacks.net. Retrieved April 2, 2023.
12. "Mozilla Archive Format Add-on - File Format Overview". amadzone. Retrieved April 2, 2023.
13. "Firefox Addon: MAF - Mozilla Archive Format". Archived from the original on 2 November 2017. Retrieved 2 April 2023.

External links

• MHTML standard explained
• RFC 2557 (1999)—MIME Encapsulation of Aggregate Documents, such as HTML (MHTML)
• RFC 2110 (1997, Obsolete)—MIME E-mail Encapsulation of Aggregate Documents, such as HTML (MHTML)