Skip to main content
Tab

BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue Property

Specifies whether to remove potentially dangerous navigate URLs.

Namespace: DevExpress.Web

Assembly: DevExpress.Web.v24.1.dll

NuGet Package: DevExpress.Web

Declaration

[DefaultValue(true)]
public bool RemovePotentiallyDangerousNavigateUrlDefaultValue { get; set; }

Property Value

Type Default Description
Boolean true

true, to remove potentially dangerous navigate Urls; otherwise, false.

Property Paths

You can access this nested property as listed below:

Object Type Path to RemovePotentiallyDangerousNavigateUrlDefaultValue
ASPxWebControl
.BackwardCompatibility .RemovePotentiallyDangerousNavigateUrlDefaultValue

Remarks

Use the RemovePotentiallyDangerousNavigateUrlDefaultValue property to validate the grid-based controls’ HyperlinkColumn values to prevent XSS vulnerability.

A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrlDefaultValue property to true removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute.

Note

Note that grid-based controls validate only data source values used in the HyperlinkColumn column and ignore the HyperLinkProperties.NavigateUrlFormatString property.

The example below demonstrates how to keep all potentially dangerous navigation URLs in grid-like controls:

void Application_Start(object sender, EventArgs e) {
        ASPxWebControl.BackwardCompatibility.RemovePotentiallyDangerousNavigateUrlDefaultValue = false;
    }
See Also