What I need is just like How can I open a link in the default web browser from an HTA?, but with the restriction that the link sits inside an iframe.
The iframe's loads a page in our server.
Idea: can the iframe's redirect be detected & prevented, so then we'd run code like in https://stackoverflow.com/a/185581/66372. How?
Update 1 To be clear: the problem we're trying to solve is that when the user clicks on any link, it opens in the default browser.
One option similar to mplungjan's answer, is to capture the click event for all links in the iframe's DOM. Is there a more generic option that works at the iframe, document or body level? (and thus also works with delayed loads and any other tricks)
Something like this, which should be perfectly allowed in an HTA which has elevated rights
window.onload=function() {
window.frames["iframe_in_this_document"].onload=function() {
var links = this.document.getElementsByTagName("a");
for (var i=0;i<links.length;i++) {
url = links[i].href;
if (url) links[i].onclick=function() {
var shell = new ActiveXObject("WScript.Shell");
shell.run(this.href);
return false;
}
}
}