BindToTypePolicy.QueryNonTrustedTypeValidation Event
Allows you to validate blacklisted and “unknown” types.
Namespace: DevExpress.Utils
Assembly: DevExpress.Data.v24.2.dll
Declaration
public static event BindToTypePolicy.WeakEventHandler<BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs> QueryNonTrustedTypeValidation
Event Data
The QueryNonTrustedTypeValidation event's data class is BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs. The following properties provide information specific to this event:
Property | Description |
---|---|
AssemblyName | Gets the assembly name. Inherited from BindToTypePolicy.BindToTypeBaseQueryArgs. |
AssemblyQualifiedTypeName |
Gets the assembly-qualified name of the type, which includes the name of the assembly from which this Type object is being loaded.
|
Cancel | Gets or sets a value indicating whether the event should be canceled. Inherited from CancelEventArgs. |
IsKnownType | Gets whether the type is whitelisted (the type is safe). Inherited from BindToTypePolicy.BindToTypeBaseQueryArgs. |
IsKnownTypeDescendant | Gets whether the type derives from the “safe” type. |
IsMalformedOrCorrupted | Gets whether the type is malformed (invalid). |
IsUnsafe | Gets whether the type is unsafe. |
QueryLevel | This member supports the internal infrastructure and is not intended to be used directly from your code. Inherited from BindToTypePolicy.BindToTypeBaseQueryArgs. |
TypeName | Gets the type name. |
The event data class exposes the following methods:
Method | Description |
---|---|
DoNotTrustThisType() | Specifies that the custom (“unknown”) type is “unsafe” and throws a security warning. |
TrustThisType(Boolean) | Specifies that the custom (“unknown”) type is “safe” and suppresses a security warning. |
Remarks
Note
The BindToTypePolicy does not fire the QueryNonTrustedTypeValidation
event to allowed/trusted types.
DevExpress controls generate a security warning if an untrusted type is detected during deserialization. The QueryNonTrustedTypeValidation
event allows you to validate custom types and trust custom types based on a condition (to suppress security warnings).
Use the e.TrustThisType() or e.DoNotTrustThisType method to specify whether or not to trust a custom type (throw a security warning).
Use the following event parameters to identify whether the loaded type is “safe”:
Read the following topic for more information and examples: Safe Deserialization.
Example
The following example validates custom data types:
using System;
using System.Windows.Forms;
namespace DXApplication {
internal static class Program {
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main() {
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
DevExpress.Utils.BindToTypePolicy.QueryNonTrustedTypeValidation += BindToTypePolicy_QueryNonTrustedTypeValidation;
Application.Run(new Form1());
}
private static void BindToTypePolicy_QueryNonTrustedTypeValidation(object sender, DevExpress.Utils.BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs e) {
if (e.IsUnsafe)
throw new MyAppLicationSecurityException(e.AssemblyQualifiedTypeName);
if (e.AssemblyName == typeof(Program).Assembly.FullName)
e.TrustThisType();
if (e.TypeName == "ObsoleteJsonDataSource")
e.DoNotTrustThisType();
}
}
}