WBA sandbox question

I am in the process of evaluating WPF as a potential technology for future application development, and I have a question about the web browser application (WBA) sandbox model.

Based on what I have read so far, it seems that, in order to prevent UI spoofing, opening a dialog box or new top-level window from within a web browser application is not currently permitted. However, there are certainly scenarios where this type of behavior would be desirable - an application might want to display a dialog to collect information from a user, or launch a new window to display a document or image file. Not offering the ability to do so would seem to limit the types of applications that can be deployed as WBAs.

It would be ideal if a web browser application could request permission from the user to open additional windows, similar to the way the pop-up blocker feature in Internet Explorer currently works.

Generally speaking, is it possible for a WPF web browser application to request additional permissions beyond what is allowed by the default partial trust sandbox? In other words, is there any middle ground between the partial trust environment in which browser applications run and the full trust environment in which installed applications run?





  • Damian Coverly

    I agree that a standalone application would resolve the permission issues. However, I may want the option to deploy my application on the Mac or to portable devices in the future, which, I am guessing, will require developing for WPF/E. I am assuming that WPF/E will only support the WBA model, not the standalone application model. Do you know if this is true?



  • AnandAsir

    Mike Harsh, a member of the WPF/E team, just posted Joe Stegman's slides from Mix06 about WPF/E...

    While not using the XBAP model directly, I'd imagine that constraining yourself to things you can do in partial trust is a good way to prepare for WPF/E...

    There will be things that you can use in XBAP that you can't use in a WPF/E application.

    If you have questions, I'd post them to Mike's blog or ask him where to post...

    Rob Relyea
    WPF, PM
    http://longhornblogs.com/rrelyea


  • kikoBYTES

    This is a sample of a full-trust WBA for November 2005 CTP
    http://blogs.msdn.com/karstenj/archive/2005/11/29/498061.aspx
    However, you have to manually add on the client machine the certificate to the trusted publishers.

    In my opinion, if you need more permissions, use a standalone application instead. Use ClickOnce to deploy it in online mode only, sign it with a certificate from Verisign etc.


  • Akd02

    WPF/E is still an open issue. But, I would not assume that only WBA applications are supported. We just do not know enough yet.
