Skip to main content

Ensure Safe Loading of Reports

  • 2 minutes to read

This document describes how to disable or enable loading of potentially unsafe reports by end-users in your WPF reporting applications.

When attempting to load a potentially harmful report, the End-User Report Designer for WPF displays the following warning by default:

report-designer-wpf-load-report-warning

A report is considered dangerous on finding any of the following content in it (or in any of its subreports).

Important

Review the following topic for information on security issues related to report storage and distribution: Reporting Security.

The following code illustrates how to disable loading such reports by end-users.

public partial class MainWindow : System.Windows.Window {
    public MainWindow() {
        InitializeComponent();
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
DevExpress.XtraReports.UI.RestrictionLevel.Disable;
    }
}

Using the code above will result in displaying the following message on an attempt to load a suspicious report by an end-user.

report-designer-wpf-load-report-disabled-warning

In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code enables you to learn whether a specific report is considered dangerous. On finding any security warnings, they will be listed in the Output window of the Visual Studio.

var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", 
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {
    traceSource.Listeners.Remove(listener);
}