diff --git a/src/extension-support/extension-manager.js b/src/extension-support/extension-manager.js
index c7a5a098200..d26c7c3b5bc 100644
--- a/src/extension-support/extension-manager.js
+++ b/src/extension-support/extension-manager.js
@@ -70,6 +70,12 @@ const createExtensionService = extensionManager => {
     return service;
 };
 
+/**
+ * @param {string} serviceName Dispatch service name.
+ * @returns {boolean} True if the extension can be granted extra permissions.
+ */
+const isTrustedService = serviceName => serviceName.startsWith('unsandboxed.');
+
 class ExtensionManager {
     constructor (vm) {
         /**
@@ -494,6 +500,9 @@ class ExtensionManager {
      */
     _prepareBlockInfo (serviceName, blockInfo) {
         if (blockInfo.blockType === BlockType.XML) {
+            if (!isTrustedService(serviceName)) {
+                throw new Error('BlockType.XML only supported in unsandboxed extensions')
+            }
             blockInfo = Object.assign({}, blockInfo);
             blockInfo.xml = String(blockInfo.xml) || '';
             return blockInfo;