XML Serialization

Starting with DevExpress Reports version 17.1, XML serialization is the default format for saving reports and report style sheets in all Report Designer versions.

Unlike the legacy CodeDOM serialization, XML is protected against injecting harmful code into a report's definition and executing it on a client machine when deserializing such report.

Important

XML serialization does not protect you from the uncontrolled execution of injected code if an end-user reporting application enables report script execution.

See Reporting Security for more information on security considerations related to storing and distributing DevExpress reports.

XML is the only option to serialize reports in applications deployed under the Medium Trust permission level.

Using XML Serialization

Use the following methods to save reports and report style sheets to XML and safely load them in a Report Designer:

Tip

See the following documents to learn more about saving and loading reports:

Serialization of Custom Objects

You can serialize custom properties by marking them with the [XtraSerializableProperty] attribute.

The following examples illustrate a more advanced approach to XML serialization of more complex custom objects (such as custom data sources, custom parameters or third-party controls added to a report using WinControlContainer):

Serialization of Custom Libraries

The version numbers for serialized custom libraries are maintained automatically. If you encounter problems when serializing your new assembly versions to XML, you can align their version numbers in one of the following ways:

  • Add a bindingRedirect tag to your project's App.config file:

    ...
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <runtime>
            <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
                <dependentAssembly>
                    <assemblyIdentity name="ClassLibrary1" publicKeyToken="2e31d22f60ad8600" culture="neutral"/>
                    <bindingRedirect oldVersion="0.0.0.0-99.9.9.9" newVersion="1.1.1.0"/>
                </dependentAssembly>
            </assemblyBinding>
        </runtime>
    </configuration>
    ...
    

    In this case, you also need to update the newVersion field's value when creating a new assembly version.

  • Handle the AppDomain.CurrentDomain.AssemblyResolve event in your application:

    // ...
    AppDomain.CurrentDomain.AssemblyResolve += 
        new ResolveEventHandler(CurrentDomain_AssemblyResolve);
    // ...
    System.Reflection.Assembly CurrentDomain_AssemblyResolve(object sender, ResolveEventArgs e) {
        AssemblyName name = new AssemblyName(e.Name);
        Assembly myAssembly = typeof(CustomLayout).Assembly;
        AssemblyName myAssemblyName = myAssembly.GetName();
        if(name.Name == myAssemblyName.Name & 
            name.GetPublicKeyToken().SequenceEqual(myAssemblyName.GetPublicKeyToken()))
            return myAssembly;
        return null;
    }
    // ...