GridCsvExportOptions.EncodeExecutableContent Property

Namespace: DevExpress.Blazor

Assembly: DevExpress.Blazor.v23.2.dll

NuGet Package: DevExpress.Blazor

Declaration

public bool EncodeExecutableContent { get; set; }

Property Value

Remarks

Security Considerations

To prevent possible security vulnerabilities, set the EncodeExecutableContent property to true to enclose potentially dangerous content in quotation marks prior to exporting it to the CSV format. Note that it can results in undesired data modification. The export engine transforms the values in the following ways.

• Values started with ‘=’ or ‘@‘ are enclosed in quotation marks.
• Values started with ‘+’ or ‘-‘ provided they cannot be converted to the Double format are enclosed in quotation marks.

If the EncodeExecutableContent property is not specified, the EncodeCsvExecutableContent property value determines the export behavior.

<DxGrid @ref="Grid"
        Data="@Data">
    <Columns>
        <DxGridSelectionColumn Width="60px" AllowSelectAll="true" />
        <DxGridDataColumn FieldName="ContactName" Width="15%" />
        <DxGridDataColumn FieldName="ContactTitle" Width="15%" />
        <DxGridDataColumn FieldName="CompanyName" Width="20%" />
        <DxGridDataColumn FieldName="Country" Width="15%" GroupIndex="0" />
        <DxGridDataColumn FieldName="FullAddress" UnboundType="GridUnboundColumnType.String" UnboundExpression="[City] + ' - ' + [PostalCode] + ' - ' + [Address]" />
    </Columns>
</DxGrid>

<DxButton Text="Export to CSV" Click="ExportCsv_Click" />

@code {
    IEnumerable<object> Data { get; set; }
    IGrid Grid { get; set; }
    async Task ExportCsv_Click() {
        await Grid.ExportToCsvAsync("ExportResult", new GridCsvExportOptions() {
            EncodeExecutableContent = true
        });
    }
}