Skip to main content

XML Serialization

  • 3 minutes to read

In DevExpress Reports v17.1 and higher, XML serialization is the default format for saving reports and report style sheets in all Report Designer versions.

Unlike the legacy CodeDOM serialization, XML is protected against injecting harmful code into a report’s definition and executing it on a client machine when deserializing such report.

Important

XML serialization does not protect you from the uncontrolled execution of injected code if an end-user reporting application enables report script execution.

Review the following topic for information on security issues related to report storage and distribution: Reporting Security.

XML is the only option to serialize reports in applications not deployed under the Full Trust permission level.

Using XML Serialization

Use the following methods to save reports and report style sheets to XML and safely load them in a Report Designer:

Tip

See the following documents to learn more about how to save and load reports:

Serialization of Custom Objects

You can serialize custom properties by marking them with the [XtraSerializableProperty] attribute.

The following examples illustrate a more advanced way to serialize more complex custom objects with XML (such as custom data sources, custom parameters, or third-party controls added to a report using WinControlContainer):

Serialization of Custom Libraries

The version numbers for serialized custom libraries are maintained automatically. If you encounter problems when serializing your new assembly versions to XML, you can align their version numbers in one of the following ways:

  • Add a bindingRedirect tag to your project’s App.config file:

    ...
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <runtime>
            <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
                <dependentAssembly>
                    <assemblyIdentity name="ClassLibrary1" publicKeyToken="2e31d22f60ad8600" culture="neutral"/>
                    <bindingRedirect oldVersion="0.0.0.0-99.9.9.9" newVersion="1.1.1.0"/>
                </dependentAssembly>
            </assemblyBinding>
        </runtime>
    </configuration>
    ...
    

    In this case, you also need to update the newVersion field’s value when creating a new assembly version.

  • Handle the AppDomain.CurrentDomain.AssemblyResolve event in your application:

    // ...
    AppDomain.CurrentDomain.AssemblyResolve += 
        new ResolveEventHandler(CurrentDomain_AssemblyResolve);
    // ...
    System.Reflection.Assembly CurrentDomain_AssemblyResolve(object sender, ResolveEventArgs e) {
        AssemblyName name = new AssemblyName(e.Name);
        Assembly myAssembly = typeof(CustomLayout).Assembly;
        AssemblyName myAssemblyName = myAssembly.GetName();
        if(name.Name == myAssemblyName.Name & 
            name.GetPublicKeyToken().SequenceEqual(myAssemblyName.GetPublicKeyToken()))
            return myAssembly;
        return null;
    }
    // ...