Ensure Safe Loading of Reports

  • 2 minutes to read

This document describes how to disable or enable loading of potentially unsafe reports by end-users in your WinForms reporting applications.

When attempting to load a potentially harmful report, desktop End-User Report Designers (WinForms and WPF) display the following warning by default:


A report is considered dangerous on finding any of the following content in it (or in any of its subreports):


Review the following topic for information on security issues related to report storage and distribution: Reporting Security.

The following code illustrates how to disable loading such reports by end-users.

static class Program {
    static void Main() {
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =

Using the code above will result in displaying the following message on an attempt to load a suspicious report by an end-user.


In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code enables you to learn whether a specific report is considered dangerous. On finding any security warnings, they will be listed in the Output window of Visual Studio.

var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", 
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {