XBAPs must execute within a
partial-trust security sandbox that is restricted to the Internet zone
permission set. Consequently, your implementation must support the subset of
WPF elements that are supported in the Internet zone
When you host the Web Browser ActiveX control (WebOC) in
the Internet Explorer browser process, the following security limitations
apply.
· Internet Explorer blocks modal dialog
boxes from the DHTML alert function and ActiveX controls hosted in HTML.
Internet Explorer suppresses dialog boxes that originate from threads other
than the active tab’s thread.
· Hosting the WebOC control raises an
exception when an XBAP is loaded cross-domain in an HTML page.