Skip to main content

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

GridCsvExportOptions.EncodeExecutableContent Property

Specifies whether to enclose potentially dangerous content in quotation marks when it is exported to a CSV file.

Namespace: DevExpress.Blazor

Assembly: DevExpress.Blazor.v24.2.dll

NuGet Package: DevExpress.Blazor

#Declaration

C#
public bool EncodeExecutableContent { get; set; }

#Property Value

Type Description
Boolean

true to encode content; otherwise, false.

#Remarks

Important

Exported data can contain executable content. Microsoft Excel implements their own algorithm for unsafe content detection. The application warns you if it finds values with potentially dangerous content within the document. However, such content makes it possible to execute dangerous commands if a user opens a CSV file in Microsoft Excel and confirms that the file can be loaded and commands executed.

#Security Considerations

To prevent possible security vulnerabilities, set the EncodeExecutableContent property to true to enclose potentially dangerous content in quotation marks prior to exporting it to the CSV format. Note that it can results in undesired data modification. The export engine transforms the values in the following ways.

  • Values started with ‘=’ or ‘@‘ are enclosed in quotation marks.
  • Values started with ‘+’ or ‘-‘ provided they cannot be converted to the Double format are enclosed in quotation marks.

If the EncodeExecutableContent property is not specified, the EncodeCsvExecutableContent property value determines the export behavior.

Razor
<DxGrid @ref="Grid"
        Data="@Data">
    <Columns>
        <DxGridSelectionColumn Width="60px" AllowSelectAll="true" />
        <DxGridDataColumn FieldName="ContactName" Width="15%" />
        <DxGridDataColumn FieldName="ContactTitle" Width="15%" />
        <DxGridDataColumn FieldName="CompanyName" Width="20%" />
        <DxGridDataColumn FieldName="Country" Width="15%" GroupIndex="0" />
        <DxGridDataColumn FieldName="FullAddress" UnboundType="GridUnboundColumnType.String" UnboundExpression="[City] + ' - ' + [PostalCode] + ' - ' + [Address]" />
    </Columns>
</DxGrid>

<DxButton Text="Export to CSV" Click="ExportCsv_Click" />

@code {
    IEnumerable<object> Data { get; set; }
    IGrid Grid { get; set; }
    async Task ExportCsv_Click() {
        await Grid.ExportToCsvAsync("ExportResult", new GridCsvExportOptions() {
            EncodeExecutableContent = true
        });
    }
}
See Also