BindToTypePolicy.QueryNonTrustedTypeValidation Event
Allows you to validate blacklisted and “unknown” types.
Namespace: DevExpress.Utils
Assembly: DevExpress.Data.v24.2.dll
NuGet Package: DevExpress.Data
#Declaration
public static event BindToTypePolicy.WeakEventHandler<BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs> QueryNonTrustedTypeValidation
#Event Data
The QueryNonTrustedTypeValidation event's data class is BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs. The following properties provide information specific to this event:
Property | Description |
---|---|
Assembly |
Gets the assembly name.
Inherited from Bind |
Assembly |
Gets the assembly-qualified name of the type, which includes the name of the assembly from which this Type object is being loaded.
|
Cancel |
Gets or sets a value indicating whether the event should be canceled.
Inherited from Cancel |
Is |
Gets whether the type is whitelisted (the type is safe).
Inherited from Bind |
Is |
Gets whether the type derives from the “safe” type. |
Is |
Gets whether the type is malformed (invalid). |
Is |
Gets whether the type is unsafe. |
Query |
This member supports the internal infrastructure and is not intended to be used directly from your code.
Inherited from Bind |
Type |
Gets the type name. |
The event data class exposes the following methods:
Method | Description |
---|---|
Do |
Specifies that the custom (“unknown”) type is “unsafe” and throws a security warning. |
Trust |
Specifies that the custom (“unknown”) type is “safe” and suppresses a security warning. |
#Remarks
Note
The BindQuery
event to allowed/trusted types.
DevExpress controls generate a security warning if an untrusted type is detected during deserialization. The QueryNonTrustedTypeValidation
event allows you to validate custom types and trust custom types based on a condition (to suppress security warnings).
Use the e.TrustThisType() or e.DoNotTrustThisType method to specify whether or not to trust a custom type (throw a security warning).
Use the following event parameters to identify whether the loaded type is “safe”:
Read the following topic for more information and examples: Safe Deserialization.
#Example
The following example validates custom data types:
using System;
using System.Windows.Forms;
namespace DXApplication {
internal static class Program {
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main() {
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
DevExpress.Utils.BindToTypePolicy.QueryNonTrustedTypeValidation += BindToTypePolicy_QueryNonTrustedTypeValidation;
Application.Run(new Form1());
}
private static void BindToTypePolicy_QueryNonTrustedTypeValidation(object sender, DevExpress.Utils.BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs e) {
if (e.IsUnsafe)
throw new MyAppLicationSecurityException(e.AssemblyQualifiedTypeName);
if (e.AssemblyName == typeof(Program).Assembly.FullName)
e.TrustThisType();
if (e.TypeName == "ObsoleteJsonDataSource")
e.DoNotTrustThisType();
}
}
}