BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue Property
Specifies whether to remove potentially dangerous navigate URLs.
Namespace: DevExpress.Web
Assembly: DevExpress.Web.v24.1.dll
NuGet Package: DevExpress.Web
Declaration
Property Value
Type | Default | Description |
---|---|---|
Boolean | true |
|
Property Paths
You can access this nested property as listed below:
Object Type | Path to RemovePotentiallyDangerousNavigateUrlDefaultValue |
---|---|
ASPxWebControl |
|
Remarks
Use the RemovePotentiallyDangerousNavigateUrlDefaultValue property to validate the grid-based controls’ HyperlinkColumn values to prevent XSS vulnerability.
A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrlDefaultValue property to true
removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute.
Note
Note that grid-based controls validate only data source values used in the HyperlinkColumn column and ignore the HyperLinkProperties.NavigateUrlFormatString property.
The example below demonstrates how to keep all potentially dangerous navigation URLs in grid-like controls:
void Application_Start(object sender, EventArgs e) {
ASPxWebControl.BackwardCompatibility.RemovePotentiallyDangerousNavigateUrlDefaultValue = false;
}