Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

EnableHtmlAccess (Silverlight Plug-in Object)

Silverlight

Gets or sets a value that indicates whether the hosted content in the Silverlight plug-in and in the associated run-time code has access to the browser Document Object Model (DOM).

object Element

<object ...>
  <param name="enablehtmlaccess" value="bool"/>
  ...
</object>

Silverlight.js

Silverlight.CreateObject(,,,{enableHtmlAccess:'bool'});
-or-
Silverlight.CreateObjectEx({properties:{enableHtmlAccess:'bool'}});

JavaScript

bool = silverlightObject.settings.EnableHtmlAccess;

COM

Reported as a value of IXcpControlHost::GetHostOptions.

Managed Code

true if the hosted content and associated code has access to the browser HTML DOM; otherwise, false. The default value is true for same-domain applications and false for cross-domain applications.

This property can only be set during Silverlight plug-in initialization, and is read-only at run-time for all possible access models.

If EnableHtmlAccess is false and you are using the managed API, most of the APIs in the System.Windows.Browser namespace will raise an exception when they are called. For instance, when EnableHtmlAccess is set to false, getting the HtmlPage.BrowserInformation property value to determine browser host information (which ultimately comes from the HTML DOM) raises an InvalidOperationException exception. For more information, see HTML Bridge: Interaction Between HTML and Managed Code.

Caution note Caution:

When a host page enables HTML access, it allows the Silverlight-based application complete access to its DOM, including the ability to modify content, insert and evaluate JavaScript code, and so on. This should be allowed only if the host page trusts the Silverlight-based application. HTML access is enabled by default for same-domain Silverlight-based applications because there is implicit trust between HTML and same-domain Silverlight content. However, access must be specifically enabled for cross-domain applications. For more information, see Security Settings in HTML Bridge.

In the JavaScript API, you always have access to the HTML DOM. If you use the JavaScript API exclusively, the value of this property is ignored.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.