V22.2

Safe Deserialization

DevExpress controls use a safety mechanism for all deserialization operations to improve app security. An exception is thrown if a control attempts to load an unsafe type.

Deserialize Trusted Types

You should review all unsafe type exceptions. If you trust the type that caused an exception, use the following code to enable its deserialization:

DevExpress.Utils.DeserializationSettings.RegisterTrustedClass(typeof(CustomClass)); 

Call the following method to trust all types from a specific assembly. You can pass either the assembly's full name or an Assembly object:

DevExpress.Utils.DeserializationSettings.RegisterTrustedAssembly("CustomAssembly, Version=x.x.x.x, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxxxx");  
DevExpress.Utils.DeserializationSettings.RegisterTrustedAssembly(typeof(CustomClass).Assembly);  

Trust a Section of Your Code

If you trust a data source that raised a given security exception, you can turn off safe deserialization for certain sections of code:

DevExpress.Utils.DeserializationSettings.InvokeTrusted(()=>{  
    // Trusted deserialization.  
    // gridView1.RestoreLayoutFromXml(fileName);  
});
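
The two mechanisms above can be combined so that trust stays as narrow as possible. The following is an added example, not DevExpress code: `TrustedLayoutLoader`, its methods, and the nested `CustomClass` are hypothetical names, and it assumes the application recorded the layout file's SHA-256 when it wrote the file and stores that value where the file's writer cannot change it.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using DevExpress.Utils;

// Hypothetical helper (not a DevExpress API): trusts one reviewed type and
// turns off safe deserialization only for data that passed an integrity check.
public static class TrustedLayoutLoader
{
    // Hypothetical type; stands in for the CustomClass used on this page.
    public sealed class CustomClass { }

    // Call once at startup. Registers a single reviewed type instead of
    // trusting every type in its assembly.
    public static void RegisterReviewedTypes()
    {
        DeserializationSettings.RegisterTrustedClass(typeof(CustomClass));
    }

    // Returns false, and restores nothing, if the file does not match the
    // expected SHA-256 (hex string recorded when the application wrote the file).
    public static bool TryRestoreTrusted(string fileName, string expectedSha256Hex,
                                         Action<Stream> restore)
    {
        // Read the file once so the bytes that are hashed are the bytes that are
        // deserialized; the file cannot be swapped between check and use.
        byte[] data = File.ReadAllBytes(fileName);

        string actual;
        using (var sha = SHA256.Create())
            actual = BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");

        if (!string.Equals(actual, expectedSha256Hex, StringComparison.OrdinalIgnoreCase))
            return false; // Unverified data: safe deserialization stays on.

        using (var stream = new MemoryStream(data, writable: false))
        {
            // Keep the trusted section minimal: only the restore call runs inside it.
            // Example callback: s => gridView1.RestoreLayoutFromStream(s)
            DeserializationSettings.InvokeTrusted(() => restore(stream));
        }
        return true;
    }
}
```

A caller that gets `false` should treat the file as untrusted and fall back to the default layout rather than retrying inside `InvokeTrusted`.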