XML Serialization
- 3 minutes to read
Starting with DevExpress Reports version 17.1, XML serialization is the default format for saving reports and report style sheets in all Report Designer versions.
Unlike the legacy CodeDOM serialization, XML is protected against injecting harmful code into a report’s definition and executing it on a client machine when deserializing such report.
Important
XML serialization does not protect you from the uncontrolled execution of injected code if an end-user reporting application enables report script execution.
See Reporting Security for more information on security considerations related to storing and distributing DevExpress reports.
XML is the only option to serialize reports in applications deployed under the Medium Trust permission level.
Using XML Serialization
Use the following methods to save reports and report style sheets to XML and safely load them in a Report Designer:
- Use the XtraReport.SaveLayoutToXml and XtraReport.LoadLayoutFromXml methods for saving and loading reports in code.
- Use the XRControlStyleSheet.SaveXmlToFile, XRControlStyleSheet.SaveXmlToStream, and XRControlStyleSheet.LoadFromXml methods for saving report style sheets.
Tip
See the following documents to learn more about saving and loading reports:
Serialization of Custom Objects
You can serialize custom properties by marking them with the [XtraSerializableProperty] attribute.
The following examples illustrate a more advanced approach to XML serialization of more complex custom objects (such as custom data sources, custom parameters or third-party controls added to a report using WinControlContainer):
- How to serialize parameters of custom types
- How to serialize a dataset to an XML file
- How to serialize an XPO data source
Serialization of Custom Libraries
The version numbers for serialized custom libraries are maintained automatically. If you encounter problems when serializing your new assembly versions to XML, you can align their version numbers in one of the following ways:
Add a bindingRedirect tag to your project’s App.config file:
... <?xml version="1.0" encoding="utf-8" ?> <configuration> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="ClassLibrary1" publicKeyToken="2e31d22f60ad8600" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-99.9.9.9" newVersion="1.1.1.0"/> </dependentAssembly> </assemblyBinding> </runtime> </configuration> ...
In this case, you also need to update the newVersion field’s value when creating a new assembly version.
Handle the AppDomain.CurrentDomain.AssemblyResolve event in your application:
// ... AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(CurrentDomain_AssemblyResolve); // ... System.Reflection.Assembly CurrentDomain_AssemblyResolve(object sender, ResolveEventArgs e) { AssemblyName name = new AssemblyName(e.Name); Assembly myAssembly = typeof(CustomLayout).Assembly; AssemblyName myAssemblyName = myAssembly.GetName(); if(name.Name == myAssemblyName.Name & name.GetPublicKeyToken().SequenceEqual(myAssemblyName.GetPublicKeyToken())) return myAssembly; return null; } // ...