Skip to main content
Tab

HyperLinkProperties.RemovePotentiallyDangerousNavigateUrl Property

Specifies whether to remove potentially dangerous navigate URLs within a hyperlink column.

Namespace: DevExpress.Web

Assembly: DevExpress.Web.v24.1.dll

NuGet Package: DevExpress.Web

Declaration

[DefaultValue(DefaultBoolean.Default)]
public DefaultBoolean RemovePotentiallyDangerousNavigateUrl { get; set; }

Property Value

Type Default Description
DefaultBoolean Default

One of the DefaultBoolean enumeration values.

Available values:

Name Description Return Value
True

The value is true.

0

False

The value is false.

1

Default

The value is specified by a global option or a higher-level object.

2

Remarks

Use the RemovePotentiallyDangerousNavigateUrl property to validate the HyperlinkColumn values to prevent XSS vulnerability.

A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrl property to true removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute. If the RemovePotentiallyDangerousNavigateUrl property value is set to Default, the hyperlink column’s navigate url vaidation depends on the BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue property value.

Note

Note that grid-based controls validate only data source values used in the HyperlinkColumn column and ignore the HyperLinkProperties.NavigateUrlFormatString property.

<dx:GridViewDataHyperLinkColumn FieldName="Link">
  <PropertiesHyperLinkEdit RemovePotentiallyDangerousNavigateUrl="True">
  </PropertiesHyperLinkEdit>
</dx:GridViewDataHyperLinkColumn>
See Also