It is extremely important to keep security in mind whenever dealing with web page integration. It is easy to accidentally create vulnerabilities which can be used for various malicious exploits. Therefore you should always take care when opening up communications in either direction and to validate the input of all method calls, events and properties.
enableHtmlAccess embed property and the
deployment manifest attribute allow explicit control over communications for both same and cross-domain situations.
managed code with attributes and then by calling the
RegisterScriptableObject(String, Object) method.
This opens up many interesting possibilities in addition to simple integration with the
hosting page. For example, performance intensive code could be written in managed code while keeping everything else on the page,
or you could use the Silverlight isolated storage system as a local cache for data in addition to the browser's caching mechanism.
The following demonstrates using the
ScriptableMemberAttribute. Note that
ScriptableTypeAttribute also marks all public methods, events and properties as scriptable. To avoid this you
should only use the
ScriptableMemberAttribute on the items you wish to expose.
On the containing HTML page we create the Silverlight application and set the
onLoad callback method.
Compute() method on the exposed
In addition, all DOM objects inherit from the
ScriptObject class making it possible to invoke methods on both native
Related information on the web is listed below.