Skip to main content
All docs
V24.1

BindToTypePolicy.QueryNonTrustedTypeValidation Event

Allows you to validate blacklisted and “unknown” types.

Namespace: DevExpress.Utils

Assembly: DevExpress.Data.v24.1.dll

NuGet Package: DevExpress.Data

Declaration

public static event BindToTypePolicy.WeakEventHandler<BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs> QueryNonTrustedTypeValidation

Event Data

The QueryNonTrustedTypeValidation event's data class is BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs. The following properties provide information specific to this event:

Property Description
AssemblyName Gets the assembly name. Inherited from BindToTypePolicy.BindToTypeBaseQueryArgs.
AssemblyQualifiedTypeName Gets the assembly-qualified name of the type, which includes the name of the assembly from which this Type object is being loaded.
Cancel Gets or sets a value indicating whether the event should be canceled. Inherited from CancelEventArgs.
IsKnownType Gets whether the type is whitelisted (the type is safe). Inherited from BindToTypePolicy.BindToTypeBaseQueryArgs.
IsKnownTypeDescendant Gets whether the type derives from the “safe” type.
IsMalformedOrCorrupted Gets whether the type is malformed (invalid).
IsUnsafe Gets whether the type is unsafe.
QueryLevel This member supports the internal infrastructure and is not intended to be used directly from your code. Inherited from BindToTypePolicy.BindToTypeBaseQueryArgs.
TypeName Gets the type name.

The event data class exposes the following methods:

Method Description
DoNotTrustThisType() Specifies that the custom (“unknown”) type is “unsafe” and throws a security warning.
TrustThisType(Boolean) Specifies that the custom (“unknown”) type is “safe” and suppresses a security warning.

Remarks

Note

The BindToTypePolicy does not fire the QueryNonTrustedTypeValidation event to allowed/trusted types.

DevExpress controls generate a security warning if an untrusted type is detected during deserialization. The QueryNonTrustedTypeValidation event allows you to validate custom types and trust custom types based on a condition (to suppress security warnings).

Use the e.TrustThisType() or e.DoNotTrustThisType method to specify whether or not to trust a custom type (throw a security warning).

Use the following event parameters to identify whether the loaded type is “safe”:

Read the following topic for more information and examples: Safe Deserialization.

Example

The following example validates custom data types:

using System;
using System.Windows.Forms;

namespace DXApplication {
    internal static class Program {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main() {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            DevExpress.Utils.BindToTypePolicy.QueryNonTrustedTypeValidation += BindToTypePolicy_QueryNonTrustedTypeValidation;
            Application.Run(new Form1());
        }
        private static void BindToTypePolicy_QueryNonTrustedTypeValidation(object sender, DevExpress.Utils.BindToTypePolicy.QueryNonTrustedTypeValidationEventArgs e) {
            if (e.IsUnsafe)
                throw new MyAppLicationSecurityException(e.AssemblyQualifiedTypeName);
            if (e.AssemblyName == typeof(Program).Assembly.FullName)
                e.TrustThisType();
            if (e.TypeName == "ObsoleteJsonDataSource")
                e.DoNotTrustThisType();
        }
    }
}
See Also