MHTML
MHTML, an acronym for MIME Encapsulation of Aggregate Documents, such as HTML (MHTML), is a standardized file format that combines a root HTML document with its subsidiary resources—such as images, stylesheets, and embedded objects—into a single, self-contained archive using the MIME multipart/related content type.[1] This structure enables the complete representation of multimedia HTML documents in one file, preserving all internal references for transmission or storage without external dependencies.[1] Defined in RFC 2557 and published by the Internet Engineering Task Force (IETF) in March 1999, MHTML serves as an Internet Standards Track protocol that obsoletes the earlier RFC 2110.[1] It was developed to facilitate the aggregation and transfer of complex HTML-based content, originally motivated by the needs of email systems to handle multimedia messages reliably, but it extends to other protocols like HTTP and FTP for purposes such as web archiving.[1] The format employs Content-Location and Content-ID headers to map URIs within the HTML to the embedded resources, ensuring that the document renders identically when opened, while also supporting security considerations like verifying resource origins to mitigate misrepresentation risks.[1] MHTML files commonly bear the .mhtml or .mht filename extensions and are widely supported by web browsers such as Chrome, Edge, and Opera for saving and viewing complete webpages offline, though not natively in Firefox or Safari as of 2025. For instance, Google Chrome provides an API for capturing tabs as MHTML archives, encapsulating the page and its resources in a single file compatible across most modern browsers.[2] Microsoft Internet Explorer and Edge historically popularized the .mht extension for this purpose, integrating it into features like "Save as Webpage, Complete."[3] Beyond browsers, MHTML is used in reporting tools, such as SQL Server Reporting Services, to render outputs in a portable web archive format.[4] Despite its utility, adoption has been somewhat limited by the rise of alternative archiving methods, though it remains a robust option for scenarios requiring MIME-compliant, single-file preservation of web content.[1]Introduction
Definition and Purpose
MHTML, or MIME Encapsulation of Aggregate HTML Documents, is a standardized file format designed for web archiving that bundles an HTML document along with its associated resources—such as stylesheets, images, and other embedded elements—into a single, self-contained file. This encapsulation allows the complete web page to be preserved and viewed independently without requiring access to external servers or separate files.[1] The primary purpose of MHTML is to facilitate the offline viewing and portability of multimedia web content, particularly for scenarios where full internet connectivity is unavailable or undesirable. By aggregating all necessary components into one unit, it supports the preservation of web pages for long-term archiving, secure emailing of complete documents, and easy transfer across systems or protocols like HTTP and FTP. This format leverages a MIME-based structure, specifically the multipart/related type, to ensure compatibility with email systems and other MIME-aware applications.[1] Key benefits of MHTML include its single-file convenience, which eliminates the fragmentation associated with saving multiple interdependent files, and its ability to maintain document integrity by embedding all resources exactly as they appeared originally. This reduces loading times and potential errors from broken links, making it ideal for documentation tools and content sharing. Common file extensions for MHTML files are .mht and .mhtml.[1][5] Example use cases encompass saving web pages directly from browsers for personal archives, embedding full web content in email messages to ensure recipients see the intended layout without attachments, and utilizing the format in professional tools for generating self-contained reports or historical records.[1]History and Development
The development of MHTML originated in the mid-1990s as part of efforts to enable the transport and archiving of compound web documents, such as HTML pages with embedded resources, over email systems. The Internet Engineering Task Force (IETF) formed the MIME Encapsulation of Aggregate HTML Documents (mhtml) Working Group in March 1996 to address these needs, building on the existing Multipurpose Internet Mail Extensions (MIME) framework for handling multimedia content in email. The group's charter focused on standardizing methods to package HTML documents and their subsidiary resources—like images, stylesheets, and scripts—into a single MIME message, facilitating offline access and transmission without broken links. This work responded to the growing complexity of web content at the time, where simple HTML files alone could not capture full page fidelity.[6][7] Key foundational documents emerged from the MHTML Working Group prior to the primary standard. In March 1997, RFC 2110 outlined the initial MIME encapsulation approach for aggregate documents like HTML, while RFC 2111 defined uniform resource locators for Content-ID and Message-ID fields to reference embedded parts, and RFC 2112 specified the multipart/related content type for structuring related MIME body parts. These were obsoleted and consolidated in RFC 2557, published in March 1999, which established MHTML as a Proposed Standard for MIME encapsulation of aggregate documents. The specification was proposed as an Internet-Draft in 1998 and finalized after revisions by the working group, which concluded in June 1999. Influenced by core MIME standards (RFCs 2045–2049), MHTML extended email protocols to support web archiving.[8][1] Initial adoption of MHTML occurred shortly after standardization, with Microsoft Internet Explorer 5.0, released in March 1999, becoming the first web browser to implement support for saving and reading MHTML files, allowing users to archive complete web pages in a single file. This integration was bundled with Office 2000 and Outlook Express 5, promoting its use in the Microsoft ecosystem for email-based web sharing and offline viewing.[9] Since its publication, MHTML has seen no major updates or revisions to RFC 2557, remaining unchanged as the definitive standard into 2025. Native browser support has gradually declined with the rise of modern web technologies like progressive web apps and service workers, which offer more dynamic offline capabilities, leading to limited implementation in non-Microsoft browsers. However, it persists in legacy systems, particularly within Microsoft products such as Outlook and Edge's Internet Explorer mode, for compatibility with archived content and enterprise email workflows.[10]Technical Specifications
File Structure and Layout
MHTML files are structured as text-based MIME messages, emulating the format of email to aggregate a root HTML document and its referenced resources into a single, self-contained unit. The overall layout begins with a series of message headers, followed by the main HTML body part, and then one or more subsidiary resource parts, all organized within amultipart/related container that facilitates the association of related components. This structure ensures that the file can be transmitted or stored as a cohesive archive while preserving the original relationships between the HTML and its dependencies.[1]
The initial headers resemble those in email protocols, incorporating fields such as From, Subject, and Date to provide contextual metadata about the captured webpage. A critical header for MHTML is Content-Location, which assigns a URI—either absolute or relative—to each body part, enabling the mapping of resources to their original locations in the source document. These headers are followed by the Content-Type declaration for the entire message, specifying multipart/related along with a boundary parameter and the root type as text/html.[1]
The core of the file is the root body part, consisting of the HTML content marked with Content-Type: text/html (often with a charset like US-ASCII or UTF-8). This part includes the markup of the webpage, with embedded references to resources via URIs such as cid: for content identifiers or http: for external-like locations, which are resolved to the subsequent parts during processing.[1]
Subsidiary resources, including images, CSS stylesheets, and JavaScript files, appear as distinct MIME body parts following the root. Each such part includes headers like Content-ID for unique identification (enabling cid: references in the HTML) or Content-Location to match URL-based links, with binary assets encoded via mechanisms such as base64 to maintain text compatibility. For instance, an image part would specify Content-Type: image/gif and Content-Transfer-Encoding: base64, followed by the encoded data.[1]
Parts within the multipart/related structure are delimited by a unique boundary string, defined in the top-level Content-Type header (e.g., boundary="boundary-example"). Each part begins with --boundary on a new line, and the message concludes with --boundary-- to signal the end. This boundary mechanism prevents overlap and allows parsers to sequentially extract components.[1]
The following excerpt illustrates a basic MHTML structure with headers, an HTML root part referencing an image, and one resource part:
This example demonstrates the encapsulation of a simple HTML document with an inline image, where theContent-Type: multipart/related; boundary="boundary-example"; type="text/html" --boundary-example Content-Type: text/html; charset="US-ASCII" ...<!DOCTYPE HTML PUBLIC "-//IETF//DTD [HTML](/page/HTML)//EN"> <html><head><title>Sample</title></head> <body> <img src="cid:foo" alt="foo"> </body></html>... --boundary-example Content-ID: <[email protected]> Content-Type: image/gif Content-Transfer-Encoding: [base64](/page/Base64) R0lGODlhGAAyAIAAAP///wAAACwAAAAAAGAAyAAA... --boundary-example--Content-Type: multipart/related; boundary="boundary-example"; type="text/html" --boundary-example Content-Type: text/html; charset="US-ASCII" ...<!DOCTYPE HTML PUBLIC "-//IETF//DTD [HTML](/page/HTML)//EN"> <html><head><title>Sample</title></head> <body> <img src="cid:foo" alt="foo"> </body></html>... --boundary-example Content-ID: <[email protected]> Content-Type: image/gif Content-Transfer-Encoding: [base64](/page/Base64) R0lGODlhGAAyAIAAAP///wAAACwAAAAAAGAAyAAA... --boundary-example--
cid:foo reference links to the subsequent GIF part.[1]
MIME Types and Encoding
MHTML primarily employs the MIME typemultipart/related to aggregate an HTML document and its referenced resources into a single entity, with the type parameter set to "text/html" to indicate the root resource as an HTML part.[11] The start parameter is used to reference the Content-ID of the HTML root part, ensuring that receivers identify the starting point for rendering the document.[11] This structure builds directly on RFC 2387, which defines the multipart/related type for related body parts, while RFC 2557 extends it specifically for web documents like HTML by incorporating URI resolution mechanisms.[11]
Alternative encapsulation types include message/rfc822, which wraps the entire MHTML aggregate as a message for broader compatibility in email systems. Individual components within the multipart structure utilize standard MIME subtypes, such as text/html for the main document, image/gif or image/jpeg for embedded images, and text/css for stylesheets.[12] In some implementations, application/x-mimearchive serves as an alternative top-level type for MHTML files, though it lacks formal standardization in the core RFC.
Data encoding in MHTML follows MIME conventions to handle diverse content safely during transmission. Binary resources, such as images, are typically encoded using Base64 to convert them into a text-safe format, while text-based parts like HTML or CSS may use quoted-printable for non-ASCII characters or 7bit for plain ASCII to minimize alteration.[13] The Content-Transfer-Encoding header specifies the method for each part, ensuring compatibility with 7-bit transport systems like SMTP.[13]
Key parameters enhance the structure's functionality: the boundary parameter defines delimiters between parts (e.g., "boundary=example"), preventing parsing errors.[11] Content-Location assigns a URI to each part, enabling the resolution of embedded links within the HTML to internal resources.[14] Although Content-Base was proposed in earlier drafts (RFC 2110) for establishing a base URI to resolve relative links, it was deprecated in RFC 2557, with modern implementations relying instead on Content-Location for URI mapping.[15]
This MIME-based approach ensures MHTML files can be transmitted via email without data loss, as the encodings and structures conform to RFC 822 and related standards, supporting archival and offline access across non-IP networks.[16]
Software Support
Web Browsers
Microsoft Edge provides full native support for MHTML files, inheriting capabilities from its integration with legacy Internet Explorer features. Users can save web pages as MHTML via the "Save as" menu option, selecting "Webpage, Single File (*.mhtml)," which encapsulates the HTML content and resources into a single file. Edge also opens .mht and .mhtml files directly without requiring Internet Explorer mode in most cases, rendering them as standard web pages.[17] Google Chrome introduced native MHTML support in version 86, released in October 2020, allowing users to save pages under the "Save page as" dialog by choosing "Webpage, Single File." This option creates a compact .mhtml file containing the page's HTML, styles, images, and scripts. Chrome can open MHTML files natively, though editing capabilities are limited compared to creation, as the format is primarily designed for archival viewing.[18] Opera has supported MHTML since version 9.0 in 2006, one of the earliest browsers to offer this feature alongside Internet Explorer. In current versions as of 2025, Opera maintains full save and open capabilities, with the "Save as" menu providing a "Web archive, single file" option equivalent to MHTML. Files in .mht or .mhtml format load seamlessly, preserving embedded resources for offline access.[19] Other Chromium-based browsers, such as Vivaldi and Yandex Browser, inherit MHTML support from the underlying engine. Vivaldi enables saving and opening MHTML files natively, often with the feature active by default or via simple command-line flags for enhanced compatibility. Yandex Browser, starting from version 22.7.4.960 in July 2022, includes native creation and viewing of MHTML files, aligning with Chrome's implementation for single-file web archives.[20][18] Mozilla Firefox lacks native MHTML support, having discontinued it after version 57 in 2017, when legacy extensions like UnMHT became incompatible due to changes in the extension architecture. Users rely on third-party extensions such as SingleFile, which provides similar single-file saving functionality using data URIs instead of true MHTML encoding, but opening existing MHTML files remains limited without specialized add-ons. Community requests for native MHTML integration persist into 2025 on Mozilla's feedback platforms.[21][22] Apple's Safari has not supported MHTML since version 3.1.1, released in May 2008, when native handling was discontinued in favor of the proprietary Web Archive format. Earlier versions may have offered partial compatibility, but as of 2025, Safari neither saves nor opens .mht or .mhtml files natively, requiring alternative tools or browsers for such operations.[23] Internet Explorer 5.0, released in March 1999, pioneered MHTML support among web browsers, introducing the ability to save and open web pages as single-file archives through integration with Outlook Express 5. This marked the format's debut in mainstream browsing, setting the stage for its adoption in subsequent Microsoft products.[18]Other Applications
Microsoft OneNote, starting from version 2010, supports the import and embedding of MHTML files to facilitate web clippings within notes, allowing users to capture and integrate complete web pages including resources like images and stylesheets.[24] Additionally, OneNote enables the export of entire notes or sections to MHTML format, preserving the content in a single, self-contained file suitable for archiving or sharing.[25] The Windows Problem Steps Recorder (PSR), a built-in troubleshooting tool available in Windows 7 and later versions, generates detailed reports in MHTML format that combine step-by-step instructions, screenshots, and annotations to document user actions and system issues.[26] These MHTML outputs are compiled within a ZIP archive for easy distribution to support teams, with the core report rendering as a navigable web archive in compatible viewers.[27] Hunchly, a specialized software for web investigations and digital forensics, relies on MHTML as its primary format for capturing web pages, embedding all headers, HTML content, and associated resources into tamper-evident single files.[28] This approach ensures forensic integrity, with each capture hashed using SHA-256 and optionally signed with GPG for validation in legal or investigative workflows.[29][30] Aspose libraries for .NET, such as Aspose.HTML and Aspose.Email, provide robust programmatic support for handling MHTML files, enabling developers to convert HTML to MHTML, parse embedded resources, and integrate the format into enterprise applications for document processing and archiving.[31][32] For instance, the Converter class in Aspose.HTML allows seamless transformation of web content into MHTML while managing MIME encapsulation for resources like images and styles.[33] Google Drive offers limited support for MHTML through third-party extensions like the EML, MHT Viewer, which parses and displays MHTML files directly within the platform, rendering HTML content and inline attachments for collaborative review.[34] This functionality aids in viewing archived web pages stored in Drive without native browser integration, though editing capabilities remain restricted. As of 2025, MHTML maintains niche usage in enterprise tools for reporting and archiving, such as SQL Server Reporting Services, which renders reports in MHTML for web-compatible single-file delivery.[4] However, its broader adoption has waned in favor of more versatile modern formats like PDF and interactive HTML bundles, driven by improved cross-platform compatibility and security features in newer standards.[35]Security Considerations
Known Vulnerabilities and Exploits
In 2015, attackers began leveraging malicious MHT files in spam email campaigns to deliver malware, often by embedding hidden macros within MHTML documents that executed upon opening in Internet Explorer.[36] These files exploited the format's ability to encapsulate HTML, scripts, and embedded resources, allowing cybercriminals to bypass initial antivirus detection and infect systems with trojans like Dridex.[37] A significant vulnerability emerged in 2019 involving XML External Entity (XXE) processing in Internet Explorer's MHTML parser, enabling attackers to conduct information disclosure attacks by tricking users into opening specially crafted MHT files.[38] Discovered as a zero-day by security researcher James Forshaw, this flaw allowed remote extraction of local files or system details without a formal patch initially, relying instead on a Microsoft workaround to disable vulnerable parsing.[39] The issue stemmed from improper handling of external entities in XML payloads embedded within MHTML archives, affecting users who opened attachments in IE. More recently, CVE-2024-38112, a spoofing vulnerability in the Windows MSHTML platform's MHTML handler, was exploited as a zero-day starting in January 2023 and continuing for 18 months until its patch in July 2024.[40] This flaw enabled attackers to resurrect the deprecated Internet Explorer engine via malicious .url or MHT files, bypassing security zones to execute arbitrary scripts and deploy malware like the Atlantida stealer.[41] The advanced persistent threat group Void Banshee weaponized it in targeted phishing operations, often disguising files as PDFs to lure victims.[42] In September 2024, Microsoft patched another MHTML-related spoofing vulnerability, CVE-2024-43461, in the Windows MSHTML platform. This high-severity flaw (CVSS 8.8), exploited as a zero-day prior to patching, allowed attackers to leverage crafted .url files to trigger MHTML protocol handlers in Internet Explorer mode, bypassing security features to steal data such as browser credentials. The Void Banshee APT group actively exploited it in phishing campaigns to deploy the Atlantida information stealer, primarily targeting Windows 10 and 11 users.[43][44] General risks in MHTML include MIME header manipulation, which can facilitate phishing by altering content-type declarations to spoof trusted domains or inject deceptive elements during parsing.[45] Additionally, flaws in base64 decoding within vulnerable parsers have led to arbitrary code execution, as seen in exploits targeting applications like WPS Office that mishandle encoded payloads in MHTML files.[46] These vulnerabilities primarily impact Windows users relying on Internet Explorer or Edge's IE compatibility mode, with exploits confined to targeted attacks rather than widespread campaigns.[44] As of November 2025, no new MHTML-specific exploits have been reported following the CVE-2024-43461 patch, though unpatched legacy systems continue to pose risks for information theft and code execution.[43]Mitigation and Best Practices
To mitigate risks associated with MHTML files, organizations and users should prioritize applying security patches promptly. Microsoft addressed a spoofing vulnerability in the MHTML protocol handler (CVE-2024-38112) through its July 2024 Patch Tuesday updates and a subsequent spoofing flaw (CVE-2024-43461) in September 2024, which unregistered vulnerable MHTML handlers from Internet Explorer and patched affected Windows versions including Windows 10 and 11.[47][43] Ensuring all systems receive these updates, along with subsequent patches, significantly reduces exploitation potential, as evidenced by APT group Void Banshee's use of these zero-days prior to patching.[42] Users should also maintain the latest versions of supported browsers to benefit from ongoing security enhancements in MSHTML handling.[48] When handling MHTML files, particularly as email attachments, avoid opening unsolicited or unexpected ones to prevent phishing or malware delivery.[49] Always scan files with reputable antivirus software capable of detecting embedded threats like XML External Entity (XXE) attacks in MHTML, as demonstrated in a 2019 zero-day exploitation of Internet Explorer's MHT processing.[38] Tools such as Microsoft Defender Antivirus can identify and quarantine malicious MHTML content during scans.[50] Configure browser settings to limit MHTML risks where possible. In Microsoft Edge, disable the "Automatically open downloaded MHT or MHTML files in Internet Explorer mode" policy via Group Policy or registry to prevent automatic execution, forcing manual review.[51] For Google Chrome, uncheck "Open certain file types automatically after downloading" in Settings > Downloads to avoid auto-opening .mht or .mhtml files post-download. Leverage built-in browser sandboxing features, which isolate MHTML rendering processes to contain potential exploits.[52] Adopt best practices for safe MHTML usage by validating file sources before saving or opening, especially from untrusted web archives.[53] For sensitive data, prefer non-MHTML alternatives to minimize exposure to format-specific vulnerabilities.[54] Prior to processing, upload files to services like VirusTotal for multi-engine scanning, which supports MHTML analysis across over 70 antivirus engines.[55] In enterprise environments, implement Group Policy to restrict MHTML handling, such as disabling automatic IE mode integration for local .mht/.mhtml files across the organization.[56] Educate users on phishing tactics involving archived web content in MHTML to foster vigilance against social engineering.[57] As of November 2025, with Internet Explorer's end-of-support and persistent historical risks in MSHTML, emphasize transitioning away from MHTML for new workflows to reduce reliance on legacy formats.Alternatives
Data URI Scheme
The data URI scheme is a uniform resource identifier (URI) scheme that enables the inline embedding of small data items, such as images or CSS stylesheets, directly within HTML or other web documents, treating them as if they were external resources without requiring separate file references.[58] This approach uses either URL encoding for textual data or base64 encoding for binary data to represent the content compactly within the URI itself.[58] The syntax for a data URI follows the formatdata:[<mediatype>][;base64],<data>, where <mediatype> optionally specifies the MIME type (e.g., image/png), the ;base64 parameter indicates base64 encoding if used, and <data> contains the encoded payload.[58] For example, an inline PNG image might be referenced as <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8/5+hHgAHggJ/PchI7wAAAABJRU5ErkJggg==" alt="example">, allowing the image data to be embedded directly in the HTML source.
Standardized in RFC 2397 in 1998, the data URI scheme was designed to facilitate the inclusion of immediate data in URIs, particularly for small resources, and has been supported in all modern web browsers since the early 2000s, with implementations appearing in Opera 7.2 (2003), Safari (all versions), Firefox (early versions), and Internet Explorer 8 (2009).[58]
As a lightweight alternative to MHTML's multipart structure for bundling resources, data URIs offer advantages such as eliminating the need for separate files or additional HTTP requests, making them suitable for small assets like icons or styles in bandwidth-constrained environments.[58][59]
However, data URIs have limitations, including a significant increase in the size of the host HTML file due to encoding overhead (base64 expands data by about 33%), and browser-imposed length restrictions, such as 512 MB in Chromium-based browsers including Google Chrome.[60] These constraints make data URIs unsuitable for large pages or comprehensive archiving, where they can lead to performance issues or parsing failures.
Common use cases include embedding small images in HTML emails to avoid attachment dependencies or rendering issues in clients, and incorporating inline styles or icons in simple web pages; as of 2025, they remain widely adopted in responsive web design for optimizing load times on mobile devices by reducing external resource fetches.[61]
Archive Formats
Several alternative formats have emerged to address the limitations of MHTML in web archiving, offering varied approaches to bundling web content for preservation. These include discontinued browser-specific options, standardized formats for large-scale collections, and modern single-file solutions that prioritize simplicity and ongoing maintenance.[62][63] The Mozilla Archive Format (MAFF), introduced in 2008 as a Firefox extension, utilized a ZIP-based structure to bundle HTML documents with associated resources like images and stylesheets into a single file.[64] This format aimed to provide a straightforward archiving method native to Mozilla browsers but was discontinued around 2018 due to the extension developer's inability to maintain compatibility with evolving browser standards. Existing MAFF files remain accessible by extracting their ZIP contents using tools like 7-Zip.[65] Web ARChive (WARC), formalized as ISO 28500:2009, serves as a robust standard for large-scale web archiving by combining multiple resources, metadata, and even multiple pages into sequential records within a single file.[66] Unlike MHTML's focus on individual MIME-encapsulated pages, WARC supports extensive metadata for provenance and duplicates, making it ideal for institutional efforts; it is widely employed by the Internet Archive for storing web crawls.[67] This format excels in scalability for billions of resources, though it requires specialized tools for replay and lacks MHTML's inherent email compatibility.[62][68] SingleFile, a JavaScript-powered browser extension available for Chrome and Firefox, generates single-file HTML archives by inlining resources directly into the document, offering functionality akin to MHTML but with an emphasis on pure HTML output without MIME overhead.[69] As of 2025, it remains actively maintained, supporting features like frame handling and font embedding for faithful page captures.[70] Other approaches include embedding resources in HTML via modern CSS techniques, such as theurl() function with data URIs for small assets, which enables self-contained pages without external dependencies. For static snapshots, PDF exports from browsers provide a rendered, printable format that captures layout and content but discards interactivity.
Emerging decentralized options, like IPFS-based archives, are gaining traction in 2025 for their distributed storage model, which enhances resilience and accessibility beyond centralized formats.[71]
Compared to MHTML, alternatives like WARC prioritize scalability for massive collections over email-friendly single-page encapsulation, while formats such as MAFF and SingleFile improve compression through ZIP or inline methods, addressing MHTML's base64 encoding inefficiencies.[68] These options also enhance cross-platform support, as MHTML's native rendering is inconsistent across non-Microsoft ecosystems, often requiring extensions or conversions.[72] For small-scale embedding, data URIs complement these by allowing resource inlining without full archiving.