ExportSettings.EncodeCsvExecutableContent Property
Gets or sets whether to encode potentially dangerous content when it is exported to a CSV file.
Namespace: DevExpress.Export
Assembly: DevExpress.Printing.v23.2.Core.dll
NuGet Package: DevExpress.Printing.Core
Declaration
Property Value
| Type | Description |
|---|---|
| DefaultBoolean | True, to encode potentially dangeorous content; otherwise, False. Default, to follow the default behavior. |
Available values:
| Name | Description | Return Value |
|---|---|---|
| True | The value is true. |
|
| False | The value is false. |
|
| Default | The value is specified by a global option or a higher-level object. |
|
Remarks
Exported data can contain executable content. Such content makes it possible to execute dangerous commands if a user opens a file in Microsoft Excel and confirms that the file can be loaded and commands executed.
Set the EncodeCsvExecutableContent property to True to encode executable content from all controls and documents at the application level when these controls or documents are exported to CSV.
If this property is set to Default, executable content is not encoded.
// ASP.NET
void Application_Start(object sender, EventArgs e) {
DevExpress.Export.ExportSettings.EncodeCsvExecutableContent = DevExpress.Utils.DefaultBoolean.True;
}
To encode a specific control or document’s executable content, use this control or document’s CsvExportOptions.EncodeExecutableContent property instead.
// ASP.NET Web Forms GridView
protected void ExportToCSVButton_Click(object sender, EventArgs e){
var options = new CsvExportOptionsEx();
options.EncodeExecutableContent = DefaultBoolean.True;
Grid.ExportCsvToResponse(options);
}
Tip
The EncodeExecutableContent property overrides the EncodeCsvExecutableContent property. If EncodeExecutableContent is set to True, executable content is encoded even if EncodeCsvExecutableContent is set to False.