BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue Property
Specifies whether to remove potentially dangerous navigate URLs.
Namespace: DevExpress.Web
Assembly: DevExpress.Web.v25.2.dll
NuGet Package: DevExpress.Web
Declaration
Property Value
| Type | Default | Description |
|---|---|---|
| Boolean | true |
|
Property Paths
You can access this nested property as listed below:
| Object Type | Path to RemovePotentiallyDangerousNavigateUrlDefaultValue |
|---|---|
| ASPxWebControl |
|
Remarks
Use the RemovePotentiallyDangerousNavigateUrlDefaultValue property to validate HyperlinkColumn values in grid-based components and help prevent XSS vulnerabilities.
URL validation helps protect your application from cross-site scripting (XSS), server-side request forgery (SSRF), phishing, and similar URL-based attacks. For additional information, see Safe URL Validation.
Note
Note that grid-based controls validate only data source values used in a HyperlinkColumn and ignore the HyperLinkProperties.NavigateUrlFormatString property.
The following code snippet keeps all potentially dangerous navigation URLs in grid-based controls:
void Application_Start(object sender, EventArgs e) {
ASPxWebControl.BackwardCompatibility.RemovePotentiallyDangerousNavigateUrlDefaultValue = false;
}