Two main types of WPF content is sandboxed today:
- XAML Browser Applications (XBAPs). XBAPs are online-only ClickOnce applications that are cached & run in the browser.
- Loose XAML. Loose XAML are XAML-only files that can be navigated to in the browser.
I’ve gotten questions about the specific feature list for the WPF sandbox. Below is the high level list. Other great resources about the sandbox include:
- Windows Presentation Foundation Security Sandbox Whitepaper
- Windows SDK: WPF Partial Trust Security
- Security Notes on individual API reference pages
If you’re interested in why something was including/excluding from the sandbox, check the above whitepaper. If you can’t find an answer here, feel free to post a comment on this blog entry.
V1 Internet Sandbox Features
These features are available in the WPF Internet sandbox:
|
Category |
Features |
| General |
Browser Window |
|
Web Integration |
Browser Download Dialog |
|
Visuals |
2D/3D |
|
Reading |
FlowDocuments |
|
Editing |
Spell Check |
|
Controls |
All basic controls |
V1 Features Excluded from Internet Sandbox
The features are disabled in the WPF Internet sandbox. Some these features were excluded from the sandbox for inherent security reasons. Others were the result of V1 timeline/resource constraints.
|
Category |
Features |
| General |
Window class (includes app-defined dialogs) |
|
Web Integration |
Windows Communication Foundation (“Indigo”) |
|
General Integration |
HwndHost |
|
Visuals |
BitmapEffects |
|
Editing |
RTF Clipboard |
Vocabulary/Drill Downs
- Site of Origin or Same Site Access.
- Ability to talk to back to application deployment server.
- Example: http://foo.com has access content/web services at http://foo.com & http://foo.com/bar. It does NOT have access to https://foo.com (secure) or http://zoo.foo.com (subdomain).
- Simulated Drag/Drop
- OLE Drag/Drop is not enabled in V1.
- App developers can simulate INTRA-app drag/drop using MouseCapture & MouseMove.
- Browser Download Dialog
- Browser-specific download dialog shown when navigating to a file whose HTTP header has ’Content-Disposition: Attachment’
- As SaveFileDialog is not available in V1 sandbox, Browser Download Dialog is possible workaround.
- IsolatedStorage
- Data storage mechanism that provides isolation & safety. (More details.)
- Place to store data between sessions.
- Partial XAML Clipboard Support
- Copy/paste of content between two Internet XBAPs will copy/paste XAML.
- Copy from a Internet XBAP in to a full trust WPF application will paste plain text.
- Copy from a full trust WPF application in to an Internet XBAP will paste XAML.
- Note: this constraint is to prevent escalation of privilege attacks using the clipboard.
- User Initiated Paste
- Programmatic paste is disallowed in the sandbox.
- Only Ctrl-P & Paste Menus (context menu, browser menu) will result in a paste.
- User Initiated Top Level Navigation
- A navigation is top level if it is to content external to the application.
- Example: <Hyperlink NavigateUri=”http://foo.com>Link</Hyperlink>
- A user initiated navigation is a navigation that results from a user click on a <Hyperlink> element.
- Media (Site of Origin & Cross Domain)
- Rendering & bits/pixel access to site of origin images/videos/audio.
- Rendering (but not bits/pixel access) to cross domain images, with below constraints.
