The requested page is not available for the requested platform. You are viewing the content for Default platform.

Ensure Safe Loading of Reports

  • 2 min to read

This document describes how to disable or enable loading of potentially unsafe reports by end-users in your WPF reporting applications.

When attempting to load a potentially harmful report, the End-User Report Designer for WPF displays the following warning by default:

report-designer-wpf-load-report-warning

A report is considered dangerous on finding any of the following content in it (or in any of its subreports).

Important

See Reporting Security for more information on security considerations related to storing and distributing DevExpress reports.

The following code illustrates how to disable loading such reports by end-users.

public partial class MainWindow : System.Windows.Window {
    public MainWindow() {
        InitializeComponent();
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
DevExpress.XtraReports.UI.RestrictionLevel.Disable;
    }
}

Using the code above will result in displaying the following message on an attempt to load a suspicious report by an end-user.

report-designer-wpf-load-report-disabled-warning

In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code enables you to learn whether a specific report is considered dangerous. On finding any security warnings, they will be listed in the Output window of the Visual Studio.

var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", 
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {
    traceSource.Listeners.Remove(listener);
}