I have an XBAP WPF application which displays various pages inside of a Frame. I was thinking about allowing deep linking into this app. So that users can link to something like http://myhost/myapp.xbap?page=MyPage and I then when app loads I automatically set MyPage.xaml as a source of my main frame.
I think I have an understanding of how to achieve this. What I don’t know if I should do any sanitizing of such parameter to prevent possible security vulnerabilities? Or is it not a concern in such scenario in WPF?
I think it all depends on how you handle the dynamic loading of your XAML. If you’re just building the XAML filename straight from the parameter, you could potentially allow the user to load up whatever XAML they want in your application (including anything you might not want the user to have access to, if that’s a possibility within your application.
You might want to think about having some kind of mapping file that maps parameters to XAML files. That way you can check to make sure the parameter is valid and the user can only access the XAML elements that you want to give them access to.
Other than that…good luck!