Skip to main content
All docs

Safe Deserialization

DevExpress controls use a safety mechanism for all deserialization operations to improve app security. An exception is thrown if a control attempts to load an unsafe type.

Deserialize Trusted Types

You should review all unsafe type exceptions. If you trust a certain exception type, use the following code to enable deserialization:


Call the following method to trust all exception types from a specific assembly:

DevExpress.Utils.DeserializationSettings.RegisterTrustedAssembly("CustomAssembly, Version=x.x.x.x, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxxxx");  

Trust a Section of Your Code

If you trust a data source that raised a given security exception, you can turn off safe deserialization for certain sections of code:

    // Trusted deserialization.  
    // gridView1.RestoreLayoutFromXml(fileName);