WPF Internet Sandbox Feature List (XBAPS & Loose XAML)

Two main types of WPF content is sandboxed today:

  • XAML Browser Applications (XBAPs).  XBAPs are online-only ClickOnce applications that are cached & run in the browser.
  • Loose XAML.  Loose XAML are XAML-only files that can be navigated to in the browser.

I’ve gotten questions about the specific feature list for the WPF sandbox.  Below is the high level list.   Other great resources about the sandbox include:

If you’re interested in why something was including/excluding from the sandbox, check the above whitepaper.  If you can’t find an answer here, feel free to post a comment on this blog entry.

V1 Internet Sandbox Features

These features are available in the WPF Internet sandbox:




Browser Window
Site of Origin (SOO) Access
IsolatedStorage (512KB Limit)
UIAutomation Providers
Input Method Editors (IMEs)
Tablet Stylus/Ink
Simulated drag/drop via MouseCapture/MouseMove
XAML Deserialization (via XamlWriter.Load)

Web Integration

Browser Download Dialog
TopLevel User-Initiated Navigation
URI Parameters
ASMX Web Services
HTTPWebRequest to Site of origin
XBAP/Loose XAML Hosted in IFRAME
Hosting of Site of Origin HTML pages


Media (Site of Origin & Cross Domain)


XPS Documents
Embedded & System Fonts
CFF & TrueType Fonts


Spell Check
Plaintext/Ink Clipboard Support
Partial XAML Clipboard Support
User Initiated Paste
Copy of Selected Content


All basic controls
Popups bound to Window


V1 Features Excluded from Internet Sandbox

The features are disabled in the WPF Internet sandbox.  Some these features were excluded from the sandbox for inherent security reasons.  Others were the result of V1 timeline/resource constraints. 




Window class (includes app-defined dialogs)
Launching of New Windows
Cross Domain Access
File System & Registry Access
Drag & Drop
XAML Serialization (via XamlWriter.Save)
UI Automation Clients

Web Integration

Windows Communication Foundation (“Indigo”)
Windows Workflow Foundation
Document Object Model (DOM) exposure/access

General Integration

Full Speech Support
WindowsForms Interop (“Crossbow”)


Image Encoding


RTF Clipboard
Full XAML Clipboard Support


Vocabulary/Drill Downs

  • Site of Origin or Same Site Access.
  • Simulated Drag/Drop
    • OLE Drag/Drop is not enabled in V1.
    • App developers can simulate INTRA-app drag/drop using MouseCapture & MouseMove.
  • Browser Download Dialog
    • Browser-specific download dialog shown when navigating to a file whose HTTP header has ‘Content-Disposition: Attachment’
    • As SaveFileDialog is not available in V1 sandbox, Browser Download Dialog is possible workaround.
  • IsolatedStorage
    • Data storage mechanism that provides isolation & safety.  (More details.)
    • Place to store data between sessions.
  • Partial XAML Clipboard Support
    • Copy/paste of content between two Internet XBAPs will copy/paste XAML.
    • Copy from a Internet XBAP in to a full trust WPF application will paste plain text.
    • Copy from a full trust WPF application in to an Internet XBAP will paste XAML.
    • Note: this constraint is to prevent escalation of privilege attacks using the clipboard.
  • User Initiated Paste
    • Programmatic paste is disallowed in the sandbox.
    • Only Ctrl-P & Paste Menus (context menu, browser menu) will result in a paste.
  • User Initiated Top Level Navigation
    • A navigation is top level if it is to content external to the application. 
    • Example:  <Hyperlink NavigateUri=”http://foo.com>Link</Hyperlink>
    • A user initiated navigation is a navigation that results from a user click on a <Hyperlink> element.
  • Media (Site of Origin & Cross Domain)
    • Rendering & bits/pixel access to site of origin images/videos/audio.
    • Rendering (but not bits/pixel access) to cross domain images, with below constraints.


  1. Hi, thanks for that. I was asking Rob Relyea for just such a list at TechEd Europe last week. I assume its just a typo, but you’ve got the Controls listed in both the supported and unsupported table. Slighly off topic but it might be usefull to someone, I also found out from Paul Andrew that the WF rules engine can’t run in partial trust and therefore an XBAP.

  2. Hi Rob,

    Yes, the controls in both places is a typo (and should most definitely only be in the supported table!).

    You also are correct about WF – I’ll also add that to the table for clarity.

    Thanks for the comments,

  3. How does an XBAP handle Assembly.Load()?
    We have an app with alot of plugins, all currently instantiated with Assembly.Load().
    Also, does XBAP download the entire app at once or just as assemblies are referenced?


  4. Great summary, Karen, as usual!

    Can you confirm how the cross-domain media is supposed to work? Specifically, assume I have an xbap at http://www.foo.com/my.xbap.

    It has an Image inside the Page, with Source=http://www.bar.com/other.jpg.

    Should the Image render? What if it’s a MediaElement instead of an Image? From your chart above, it implies it ought to render, but I wanted to confirm.

    Thanks, Rolf

  5. Under the general sections the following items are listed:

    XAML Serialization (via XamlWriter.Load)

    XAML Deserialization (via XamlWriter.Save)

    Are these terms used backwards? Shouldn’t Serialization be with XamlWriter.Save and Deserialization be with XamlWriter.Load?

  6. Brian
    – You’re right. It’s a typo. Thanks for the catch!

    – The browser download dialogs is the dialog shown when a user navigates to a file whose content-diposition is set to attachment. (This is set in the HTTP header.) This is useful for scenarios where you’re trying to content from the server to the user’s machine.

    – Excluding XamlWriter.Save from the sandbox came down to a V1 time constraint. If this is something you feel should be in the sandbox, please add it to the feature wiki (http://channel9.msdn.com/wiki/default.aspx/WPF.FeatureSuggestions) and explain your scenario. We appreciate the feedback!

    Thanks both for the comments!

  7. Hi,

    I need to prevent copy/paste options in sandbox. Can you please suggest me how it can be done. Also please clarify whether sandbox is applicable only for web environment or it can also be used in the windows.


  8. I am using sandboxie for testing sandboxie environment. But currently its allowing to copy/paste contents. I need to copy/paste within sandboxie but out of that environment, it paste option should be denied. Any suggestions for implementing this will be helpful. Currently copying out of the environment & paste inside is prevented & I need the reverse case also.

Leave a Reply

Your email address will not be published. Required fields are marked *