sandboxing silverlight 1.0.. (aka the internal script model)

Say you are a hoster ( fake example: myspace)  of some website where users create pages..  
You will hopefully want to give them the ability to 'host silverlight' but want to restrict what they can script ( so they don't turn off your ads or messup the navigation) ..    How to ??

In comes the 'internal script model' in silverlight ...  Here is the 'gist' of how it works:

  1. You can add an <x:Code > tags to your XAML to bring in Javascript for the interactivity within silverlight..
    <Canvas  xmlns="" xmlns:x=""
    Width="390" Height="340" Loaded="onRootLoaded">
        <x:Code Source="silverlight.js" Type="application/x-jscript" />
        <x:Code Source="default.html.js" Type="application/x-jscript" />
        <x:Code Source="scene.xaml.js" Type="application/x-jscript" /> .


  • you can have as many x:Code tags as you need, the x:Code tags must be children in the root Canvas.. the "type" and Source attributes are required..
  • x:Code can not be used from createFromXaml  ..

  1. When you add these x:Code tags, you are automatically running in 'internal script mode' ..  Your Javascript can NOT access any thing outside of the other JS files included in the xaml file .. 

    • It can not access the browser DOM  ( no access to window, document or any thing like that)..  A couple of FAQs here:

      • No access to window.setTimeout or similar callbacks, the workaround is to use Silverlights animation model to get timers...
      • No access to XmlHttp or similar objects to make WS calls..  the workaround is to use the Downloader object.. ideally calling some GETs of JSON stuff so you avoid parsing manually ...


  1. Likely, the next question is how to instantiate the silverlight plug-in..  using the recommended createSilverlight javascript is likely out since we said no external script, so you can use an object tag ...

    <object id="ag" type="application/ag-plugin" height="340" width="390" >
    <param name="Source" value="sceneInternal.xaml"/>
    <param name="MaxFrameRate" value="30" />
    <param name="OnError" value="default_error_handler" />


Live sample is here.. There is an "internal script version" and a non-sandboxed version...    The difference shows when you left click on the MediaElement itself.. (one alerts, the other one throws error caught in try catch) ..

Download the source here...


  1. the sample is not a full blown player, just wanted to wire enough to show you the gist..   The play/pause button does work of course...
  2. the ugly logos are to illustrate the likely "Brought to you by .." ad-scenario that I think would go well with this embeddable player model..
  3. This feature is still under development.. I would expect small changes to come between now and RTM..  my wish is that  it would be opening up a small communication channel back to the DOM.. even if one-directional... [though not sure if everyone else desires that]  
  4. I put together the sample in 20 mins.. only tested in Windows Vista.. IE and Firefox.. if you find issues let me know..

Comments (1)

  1. slyi says:

    Great example.

    Is there any way to place the JS inside the x:code via cdata block?

    Why does inline xaml only allow you to reference xaml in <script> tags, why not <xml> tags?

Skip to main content