BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue Property
Specifies whether to remove potentially dangerous navigate URLs.
Namespace: DevExpress.Web
Assembly: DevExpress.Web.v21.2.dll
NuGet Package: DevExpress.Web
Declaration
Property Value
Type | Description |
---|---|
Boolean | true, to remove potentially dangerous navigate Urls; otherwise, false. |
Property Paths
You can access this nested property as listed below:
Object Type | Path to RemovePotentiallyDangerousNavigateUrlDefaultValue |
---|---|
ASPxWebControl |
|
Remarks
Use the RemovePotentiallyDangerousNavigateUrlDefaultValue property to validate the grid-based controls’ HyperlinkColumn values to prevent XSS vulnerability.
A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrlDefaultValue property to true removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute.
Note
Note that grid-based controls validate only data source values used in the HyperlinkColumn column and ignore the HyperLinkProperties.NavigateUrlFormatString property.
Global.asax:
void Application_Start(object sender, EventArgs e) {
ASPxWebControl.BackwardCompatibility.RemovePotentiallyDangerousNavigateUrlDefaultValue = true;
}