TreeListCsvExportOptions.EncodeExecutableContent Property
Specifies whether to enclose potentially dangerous content in quotation marks when it is exported to a CSV file.
Namespace: DevExpress.Blazor
Assembly: DevExpress.Blazor.v25.1.dll
NuGet Package: DevExpress.Blazor
#Declaration
public bool EncodeExecutableContent { get; set; }#Property Value
| Type | Description |
|---|---|
| Boolean |
|
#Remarks
Important
Exported data can contain executable content. Microsoft Excel implements their own algorithm for unsafe content detection. The application warns you if it finds values with potentially dangerous content within the document. However, such content makes it possible to execute dangerous commands if a user opens a CSV file in Microsoft Excel and confirms that the file can be loaded and commands executed.
#Security Considerations
To prevent possible security vulnerabilities, set the EncodeExecutableContent property to true to enclose potentially dangerous content in quotation marks prior to exporting it to the CSV format. Note that it can result in undesired data modification. The export engine transforms the values in the following ways:
- Values started with ‘=’ or ‘@‘ are enclosed in quotation marks.
- Values started with ‘+’ or ‘-‘ cannot be converted to the Double format. They are enclosed in quotation marks.
If the EncodeExecutableContent property is not specified, the EncodeCsvExecutableContent property value determines the export behavior.
<DxButton Text="Export to CSV" Click="ExportCsv_Click" />
<DxTreeList Data="TreeListData" KeyFieldName="Id" ParentKeyFieldName="ParentId" @ref="MyTreeList">
<Columns>
<DxTreeListDataColumn FieldName="Name" Caption="Task" />
<DxTreeListDataColumn FieldName="EmployeeName" />
<DxTreeListDataColumn FieldName="StartDate" />
<DxTreeListDataColumn FieldName="DueDate" />
</Columns>
</DxTreeList>
@code {
ITreeList MyTreeList { get; set; }
async Task ExportCsv_Click() {
await MyTreeList.ExportToCsvAsync("ExportResult", new TreeListCsvExportOptions() {
EncodeExecutableContent = true
});
}
}