ASPxAutoCompleteBoxBase.DataSecurityMode Property

Namespace: DevExpress.Web

Assembly: DevExpress.Web.v24.2.dll

Declaration

[DefaultValue(DataSecurityMode.Default)]
public DataSecurityMode DataSecurityMode { get; set; }

<DefaultValue(DataSecurityMode.Default)>
Public Property DataSecurityMode As DataSecurityMode

Property Value

Remarks

By default, the DataSecurityMode property is set to the Default value. This means that a list editor allows adding new list items via client code and synchronizes modifications to this list with the server ASPxAutoCompleteBoxBase.Items collection if the ASPxAutoCompleteBoxBase.EnableSynchronization property is enabled. A list editor’s server value may be modified by an end-user either by selecting list items added via client code or by entering new values directly into an editor’s edit box. In this scenario, it is recommended to HTML encode the combo box item’s content using the following:

• enable the EditPropertiesBase.EncodeHtml property if items aren’t created using templates.

• encode HTML using the HttpUtility.HtmlEncode method if items are created using templates (ASPxAutoCompleteBoxBase.ItemTemplate).

  • ASPX

  <dx:ASPxComboBox ID="cb1" runat="server">
      <ItemTemplate>
          <asp:Label ID="Label1" runat="server" Text='<%# HttpUtility.HtmlEncode(Eval("Text")) %>'></asp:Label>
      </ItemTemplate>
  </dx:ASPxComboBox>
  

You can set the DataSecurityMode property to Strict to prevent setting a list editor’s value to any value except values listed within the editor’s server-side ASPxAutoCompleteBoxBase.Items collection. This helps you secure your data against any potential threat of malicious data modifications initiated in the client browser.

The DataSecurityMode property value set to DropDownStyle.DropDown is in effect if the ASPxAutoCompleteBoxBase.DataSecurityMode=DataSecurityMode.Default.