The requested page is not available for the requested platform. You are viewing the content for Default platform.

Ensure Safe Loading of Reports

  • 2 min to read

This document describes how to disable or enable loading of potentially unsafe reports by end-users in your WinForms reporting applications.

When attempting to load a potentially harmful report, desktop End-User Report Designers (WinForms and WPF) display the following warning by default:

report-designer-load-report-warning

A report is considered dangerous on finding any of the following content in it (or in any of its subreports):

Important

See Reporting Security for more information on security considerations related to storing and distributing DevExpress reports.

The following code illustrates how to disable loading such reports by end-users.

static class Program {
    static void Main() {
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
    DevExpress.XtraReports.UI.RestrictionLevel.Disable;
    }
}

Using the code above will result in displaying the following message on an attempt to load a suspicious report by an end-user.

report-designer-load-report-disabled-warning

In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code enables you to learn whether a specific report is considered dangerous. On finding any security warnings, they will be listed in the Output window of the Visual Studio.

var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", 
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {
    traceSource.Listeners.Remove(listener);
}