Ensure Safe Loading of Reports
- 2 minutes to read
This document describes how to disable or enable loading of potentially unsafe reports by end-users in your WinForms reporting applications.
When attempting to load a potentially harmful report, desktop End-User Report Designers (WinForms and WPF) display the following warning by default:
A report is considered dangerous on finding any of the following content in it (or in any of its subreports):
Important
Review the following help topic for information on security issues related to report storage and distribution: Reporting Security.
The following code illustrates how to disable loading such reports by end-users.
static class Program {
static void Main() {
DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
DevExpress.XtraReports.UI.RestrictionLevel.Disable;
}
}
Using the code above will result in displaying the following message on an attempt to load a suspicious report by an end-user.
In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.
The following code enables you to learn whether a specific report is considered dangerous. On finding any security warnings, they will be listed in the Output window of Visual Studio.
var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting",
System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
new XtraReport1().ShowRibbonDesignerDialog();
} finally {
traceSource.Listeners.Remove(listener);
}