Skip to main content

GridCsvExportOptions.EncodeExecutableContent Property

Specifies whether to enclose potentially dangerous content in quotation marks when it is exported to a CSV file.

Namespace: DevExpress.Blazor

Assembly: DevExpress.Blazor.v24.2.dll

NuGet Package: DevExpress.Blazor

Declaration

public bool EncodeExecutableContent { get; set; }

Property Value

Type Description
Boolean

true to encode content; otherwise, false.

Remarks

Important

Exported data can contain executable content. Microsoft Excel implements their own algorithm for unsafe content detection. The application warns you if it finds values with potentially dangerous content within the document. However, such content makes it possible to execute dangerous commands if a user opens a CSV file in Microsoft Excel and confirms that the file can be loaded and commands executed.

Security Considerations

To prevent possible security vulnerabilities, set the EncodeExecutableContent property to true to enclose potentially dangerous content in quotation marks prior to exporting it to the CSV format. Note that it can results in undesired data modification. The export engine transforms the values in the following ways.

  • Values started with ‘=’ or ‘@‘ are enclosed in quotation marks.
  • Values started with ‘+’ or ‘-‘ provided they cannot be converted to the Double format are enclosed in quotation marks.

If the EncodeExecutableContent property is not specified, the EncodeCsvExecutableContent property value determines the export behavior.

<DxGrid @ref="Grid"
        Data="@Data">
    <Columns>
        <DxGridSelectionColumn Width="60px" AllowSelectAll="true" />
        <DxGridDataColumn FieldName="ContactName" Width="15%" />
        <DxGridDataColumn FieldName="ContactTitle" Width="15%" />
        <DxGridDataColumn FieldName="CompanyName" Width="20%" />
        <DxGridDataColumn FieldName="Country" Width="15%" GroupIndex="0" />
        <DxGridDataColumn FieldName="FullAddress" UnboundType="GridUnboundColumnType.String" UnboundExpression="[City] + ' - ' + [PostalCode] + ' - ' + [Address]" />
    </Columns>
</DxGrid>

<DxButton Text="Export to CSV" Click="ExportCsv_Click" />

@code {
    IEnumerable<object> Data { get; set; }
    IGrid Grid { get; set; }
    async Task ExportCsv_Click() {
        await Grid.ExportToCsvAsync("ExportResult", new GridCsvExportOptions() {
            EncodeExecutableContent = true
        });
    }
}
See Also