Skip to main content
BuyLog In
.NET Reporting Tools
Search in…
Docs > Detailed Guide to DevExpress Reporting > Store and Distribute Reports > Store Report Layouts and Documents > XML Serialization
All docs
V23.2
Reporting
Product Information
.NET / .NET Core Support
Get Started with DevExpress Reporting
Create Different Report Types (Walkthroughs)
Detailed Guide to DevExpress Reporting
Introduction to Banded Reports
Bind Reports to Data
Use Report Controls
Use Report Parameters
Shape Report Data
Use Custom Fonts
Arrange Dynamic Report Contents
Customize Appearance
Add Navigation
Provide Interactivity
Add Extra Information
Merge Reports
Use Expressions
Store and Distribute Reports
Store Report Layouts and Documents
Store Report Layouts
XML Serialization
CodeDOM Serialization
Custom Report Storage
Save Report Layouts
Load Report Layouts
Create, Save and Open Report Documents
Manage Report Documents in Code
Export Reports
Print Reports
Print and Export Reports without a Preview
Globalize and Localize Reports
Reporting API
Localize Reporting Applications
Security Considerations
Visual Studio Report Designer
VS Code Report Designer
Reporting for Desktop
Reporting for .NET MAUI
Reporting for Web
Cloud Integration
Cross-Platform .NET App UI
Backend Web API Service / REST API for Reporting
WCF Report Service
End-User Documentation
Redistribution and Deployment
API Reference
ASP.NET Core API Reference
Blazor API Reference
Client API Reference
Client API Reference (Web Forms & MVC)
Download CHM

XML Serialization

  • 3 minutes to read

In DevExpress Reports v17.1 and higher, XML serialization is the default format for saving reports and report style sheets in all Report Designer versions.

Unlike the legacy CodeDOM serialization, XML is protected against injecting harmful code into a report’s definition and executing it on a client machine when deserializing such report.

Important

XML serialization does not protect you from the uncontrolled execution of injected code if an end-user reporting application enables report script execution.

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

XML is the only option to serialize reports in applications not deployed under the Full Trust permission level.

Using XML Serialization

Use the following methods to save reports and report style sheets to XML and safely load them in a Report Designer:

Tip

See the following documents to learn more about how to save and load reports:

Serialization of Custom Objects

You can serialize custom properties by marking them with the [XtraSerializableProperty] attribute.

The following examples illustrate a more advanced way to serialize more complex custom objects with XML (such as custom data sources, custom parameters, or third-party controls added to a report using WinControlContainer):

Serialization of Custom Libraries

The version numbers for serialized custom libraries are maintained automatically. If you encounter problems when serializing your new assembly versions to XML, you can align their version numbers in one of the following ways:

  • Add a bindingRedirect tag to your project’s App.config file:

    ...
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
            <dependentAssembly>
                <assemblyIdentity name="ClassLibrary1" publicKeyToken="2e31d22f60ad8600" culture="neutral"/>
                <bindingRedirect oldVersion="0.0.0.0-99.9.9.9" newVersion="1.1.1.0"/>
            </dependentAssembly>
        </assemblyBinding>
    </runtime>
</configuration>
...

    In this case, you also need to update the newVersion field’s value when creating a new assembly version.

  • Handle the AppDomain.CurrentDomain.AssemblyResolve event in your application:

    // ...
AppDomain.CurrentDomain.AssemblyResolve += 
    new ResolveEventHandler(CurrentDomain_AssemblyResolve);
// ...
System.Reflection.Assembly CurrentDomain_AssemblyResolve(object sender, ResolveEventArgs e) {
    AssemblyName name = new AssemblyName(e.Name);
    Assembly myAssembly = typeof(CustomLayout).Assembly;
    AssemblyName myAssemblyName = myAssembly.GetName();
    if(name.Name == myAssemblyName.Name & 
        name.GetPublicKeyToken().SequenceEqual(myAssemblyName.GetPublicKeyToken()))
        return myAssembly;
    return null;
}
// ...