BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue Property
Specifies whether to remove potentially dangerous navigate URLs.
Namespace: DevExpress.Web
Assembly: DevExpress.Web.v24.2.dll
NuGet Package: DevExpress.Web
#Declaration
#Property Value
Type | Default | Description |
---|---|---|
Boolean | true |
|
#Property Paths
You can access this nested property as listed below:
Object Type | Path to Remove |
---|---|
ASPx |
|
#Remarks
Use the RemovePotentiallyDangerousNavigateUrlDefaultValue property to validate the grid-based controls’ HyperlinkColumn values to prevent XSS vulnerability.
A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrlDefaultValue property to true
removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute.
Note
Note that grid-based controls validate only data source values used in the Hyperlink
The example below demonstrates how to keep all potentially dangerous navigation URLs in grid-like controls:
void Application_Start(object sender, EventArgs e) {
ASPxWebControl.BackwardCompatibility.RemovePotentiallyDangerousNavigateUrlDefaultValue = false;
}