HyperLinkProperties.RemovePotentiallyDangerousNavigateUrl Property
Specifies whether to remove potentially dangerous navigate URLs within a hyperlink column.
Namespace: DevExpress.Web
Assembly: DevExpress.Web.v18.2.dll
Declaration
Property Value
| Type | Default | Description |
|---|---|---|
| DefaultBoolean | **Default** | One of the DefaultBoolean enumeration values. |
Available values:
| Name | Description |
|---|---|
| True | Corresponds to a Boolean value of true. |
| False | Corresponds to a Boolean value of false. |
| Default | The value is determined by the current object’s parent object setting (e.g., a control setting). |
Remarks
Use the RemovePotentiallyDangerousNavigateUrl property to validate the HyperlinkColumn values to prevent XSS vulnerability.
A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrl property to true removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute. If the RemovePotentiallyDangerousNavigateUrl property value is set to Default, the hyperlink column’s navigate url vaidation depends on the BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue property value.
Note
Note that grid-based controls validate only data source values used in the HyperlinkColumn column and ignore the HyperLinkProperties.NavigateUrlFormatString property.
<dx:GridViewDataHyperLinkColumn FieldName="Link">
<PropertiesHyperLinkEdit RemovePotentiallyDangerousNavigateUrl="True">
</PropertiesHyperLinkEdit>
</dx:GridViewDataHyperLinkColumn>