Webarchive

This article is about webarchive file format. For web archiving, see web archiving. For web.archive.org website, see Internet Archive.
Web archive
Filename extension .webarchive
Internet media type application/x-webarchive
Uniform Type Identifier (UTI) com.apple.webarchive
Type of format web page file archive
Container for websites
Extended from Apple Binary Property List

The webarchive file format is available on Mac OS X and Windows for saving and reviewing complete web pages using the Safari web browser.[1] The webarchive format differs from a standalone HTML file because it also saves linked files such as images, CSS, and JavaScript.[2] The webarchive format is a concatenation of source files with filenames saved in the binary plist format using NSKeyedArchiver. Support for webarchive documents was added in Safari 4 Beta on Windows and is included in subsequent versions. Safari for iOS (iPhone and iPad) does not support web archive files natively, however a third party app[3] provides this functionality.

Usage

Vulnerability

In February 2013, a vulnerability with the webarchive format was discovered and reported by Joe Vennix, a Metasploit Project developer. The exploit allows an attacker to send a crafted webarchive to a user containing code to access cookies, local files, and other data. Apple's response to the report was that it will not fix the bug, most likely because it requires action on the users part in opening the file.[6]

Converting for other browsers

Workarounds to allow the file to be viewed in other browsers are possible, though specific webpage contents may hinder this process. This requires one of the free tools WebArchive Folderizer (for OS X 10.2 and higher)[1] or WebArchive Extractor (for OS X 10.4.3 and higher).[7]

Alternatives

MAFF is an open format (with a published specification) that enables saving of whole webpages in a single file. It is currently supported by Firefox, using an extension.[8] Other web browsers use the MHTML format or do the equivalent by saving a directory of inline resources (usually images) alongside the HTML file, sometimes compressed, like the .war format used by Konqueror (tar+gzip or tar+bzip2). Safari does not support these alternative archive formats.

For archiving entire websites, the Internet Archive has developed the Web ARChive (WARC) format which was standardized by ISO.

HTMLD (HTML Directory) is a NeXT-developed format for saving web pages and their dependencies in a bundle that may also be served by a web server.[9]

References

  1. 1 2 De-archive Web Archives
  2. Arnott, Nick. "Apple declines to fix vulnerability in Safari's Web Archive files, likely because it requires user action to exploit". iMore. Mobile Nations. Retrieved 7 February 2015.
  3. Web Archive Viewer
  4. "iAd JS Programming Guide: Web Archives and Manifest Files". Mac Developer Library. Apple. Retrieved 7 February 2015.
  5. "WebArchive Class Reference". Mac Developer Library. Apple. Retrieved 7 February 2015.
  6. Vennix, Joe. "Abusing Safari's webarchive file format". Rapid7 Metasploit. Rapid7. Retrieved 7 February 2015.
  7. WebArchive Extractor
  8. "Mozilla Archive Format, with MHT and Faithful Save". Retrieved 8 December 2011.
  9. ".htmld Discussion".


This article is issued from Wikipedia - version of the Thursday, April 14, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.