XAML Browser Applications (XBAP, pronounced "ex-bap") are Windows Presentation Foundation (.xbap) applications that are hosted and run inside a web browser such as Firefox or Internet Explorer. Hosted applications run in a partial trust sandbox environment and are not given full access to the computer's resources like opening a new network connection or saving a file to the computer disk and not all WPF functionality is available. The hosted environment is intended to protect the computer from malicious applications; however it can also run in full trust mode by the client changing the permission. Starting an XBAP from an HTML page is seamless (with no security or installation prompt). Although one perceives the application running in the browser, it actually runs in an out-of-process executable (PresentationHost.exe) managed by a virtual machine. In the initial release of .NET Framework 3.0, XBAPs only ran in Internet Explorer. With the release of .NET Framework 3.5 SP1, which includes an XBAP extension, they also run in Mozilla Firefox.
XBAP applications have certain restrictions on what .NET features they can use. Since they run in partial trust, they are restricted to the same set of permission granted to any InternetZone application. Nearly all standard WPF functionality, however, around 99%, is available to an XBAP application. Therefore, most of the WPF UI features are available.
^"What is XBAP?". XBap.org. p. Home page. Retrieved 2011-02-16. XBAP (XAML Browser Application) is a new Windows technology used for creating Rich Internet Applications with a file extension .xbap to be run inside the Internet Explorer. They are run within a security sandbox to prevent untrusted applications from controlling local system resources.
^"WPF Partial Trust Security". MSDN. Retrieved 2011-02-16. For XBAP applications, code that exceeds the default permission set will have different behavior depending on the security zone. In some cases, the user will receive a warning when they attempt to install it. The user can choose to continue or cancel the installation. The following table describes the behavior of the application for each security zone and what you have to do for the application to receive full trust.