XAML Browser Applications


XAML Browser Applications are Windows Presentation Foundation applications that are hosted and run inside a web browser such as Firefox or Internet Explorer. Hosted applications run in a partial trust sandbox environment and are not given full access to the computer's resources like opening a new network connection or saving a file to the computer disk and not all WPF functionality is available. The hosted environment is intended to protect the computer from malicious applications; however it can also run in full trust mode by the client changing the permission. Starting an XBAP from an HTML page is seamless. Although one perceives the application running in the browser, it actually runs in an out-of-process executable managed by a virtual machine. In the initial release of.NET Framework 3.0, XBAPs only ran in Internet Explorer. With the release of.NET Framework 3.5 SP1, which includes an XBAP extension, they also run in Mozilla Firefox.

XBAP limitations

XBAP applications have certain restrictions on what.NET features they can use. Since they run in partial trust, they are restricted to the same set of permission granted to any InternetZone application. Nearly all standard WPF functionality, however, around 99%, is available to an XBAP application. Therefore, most of the WPF UI features are available.
Starting in February 2009, XBAP applications no longer function when run from the Internet. Attempting to run the XBAP will cause the browser to present a generic error message. An option exists in Internet Explorer 9 that can be used to allow the applications to run, but this must be done with care as it increases the potential attack surface - and there have been security vulnerabilities in XBAP.

Permitted