GridCsvExportOptions.EncodeExecutableContent Property
Specifies whether to enclose potentially dangerous content in quotation marks when it is exported to a CSV file.
Namespace: DevExpress.Blazor
Assembly: DevExpress.Blazor.v24.2.dll
NuGet Package: DevExpress.Blazor
Declaration
public bool EncodeExecutableContent { get; set; }
Property Value
Type | Description |
---|---|
Boolean |
|
Remarks
Important
Exported data can contain executable content. Microsoft Excel implements their own algorithm for unsafe content detection. The application warns you if it finds values with potentially dangerous content within the document. However, such content makes it possible to execute dangerous commands if a user opens a CSV file in Microsoft Excel and confirms that the file can be loaded and commands executed.
Security Considerations
To prevent possible security vulnerabilities, set the EncodeExecutableContent
property to true
to enclose potentially dangerous content in quotation marks prior to exporting it to the CSV format. Note that it can results in undesired data modification. The export engine transforms the values in the following ways.
- Values started with ‘=’ or ‘@‘ are enclosed in quotation marks.
- Values started with ‘+’ or ‘-‘ provided they cannot be converted to the Double format are enclosed in quotation marks.
If the EncodeExecutableContent
property is not specified, the EncodeCsvExecutableContent property value determines the export behavior.
<DxGrid @ref="Grid"
Data="@Data">
<Columns>
<DxGridSelectionColumn Width="60px" AllowSelectAll="true" />
<DxGridDataColumn FieldName="ContactName" Width="15%" />
<DxGridDataColumn FieldName="ContactTitle" Width="15%" />
<DxGridDataColumn FieldName="CompanyName" Width="20%" />
<DxGridDataColumn FieldName="Country" Width="15%" GroupIndex="0" />
<DxGridDataColumn FieldName="FullAddress" UnboundType="GridUnboundColumnType.String" UnboundExpression="[City] + ' - ' + [PostalCode] + ' - ' + [Address]" />
</Columns>
</DxGrid>
<DxButton Text="Export to CSV" Click="ExportCsv_Click" />
@code {
IEnumerable<object> Data { get; set; }
IGrid Grid { get; set; }
async Task ExportCsv_Click() {
await Grid.ExportToCsvAsync("ExportResult", new GridCsvExportOptions() {
EncodeExecutableContent = true
});
}
}