Skip to main content
BuyLog In
.NET Reporting Tools
Search in…
Docs > Detailed Guide to DevExpress Reporting > Store and Distribute Reports > Store Report Layouts and Documents > CodeDOM Serialization
All docs
V24.2
Reporting
Product Information
What's New
.NET Support
Get Started with DevExpress Reporting
Create Different Report Types (Walkthroughs)
Detailed Guide to DevExpress Reporting
Introduction to Banded Reports
Bind Reports to Data
Use Report Controls
Use Report Parameters
Shape Report Data
Use Custom Fonts
Arrange Dynamic Report Contents
Customize Appearance
Add Navigation
Provide Interactivity
Add Extra Information
Merge Reports
Use Expressions
Store and Distribute Reports
Store Report Layouts and Documents
Store Report Layouts
XML Serialization
CodeDOM Serialization
Custom Report Storage
Save Report Layouts
Load Report Layouts
Create, Save, and Open Report Documents
Manage Report Documents in Code
Export Reports
Print Reports
Print and Export Reports without a Preview
Globalize and Localize Reports
Reporting API
Memory Usage in Reporting - Best Practices
Localize Reporting Applications
Security Considerations
AI-powered Extensions
Visual Studio Report Designer
VS Code Report Designer
Reporting for Desktop
Reporting for .NET MAUI
Reporting for Web
Reporting .NET Migration Guides
Cloud Integration
.NET Aspire Integration
Cross-Platform .NET App UI
Backend Web API Service / REST API for Reporting
WCF Report Service
End-User Documentation
Redistribution and Deployment
API Reference
ASP.NET Core API Reference
Blazor API Reference
Client API Reference
Client API Reference (Web Forms & MVC)
Download CHM

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

CodeDOM Serialization

  • 2 minutes to read
In This Article
Enable CodeDOM Serialization
Enable CodeDOM Deserialization

The Code Document Object Model (CodeDOM) serialization is a legacy way to store DevExpress report layouts and report style sheets. A report engine compiles and executes all code in a report’s definition file when the report layout is restored from CodeDOM.

Important

We recommend switching to XML serialization instead if your application still uses CodeDOM serialization.

CodeDOM serialization is not protected against the injection of harmful code into a report’s definition and the execution of this code on a client machine when a report is deserialized.

This is the main reason why XML serialization has become the default format for saving reports and report style sheets in recent Report Designer versions.

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

CodeDOM requires full .NET Framework to be installed on a machine. The DevExpress.XtraReports.Extensions assembly is not available under the Client Profile.

See the following documents to learn about the recommended techniques to save and load reports:

#Enable CodeDOM Serialization

If your application’s reports require CodeDOM serialization, and you have considered associated security implications, you can switch to CodeDOM. This setting affects both newly created reports and reports restored from XML definitions. Note that this setting does not affect report style sheet serialization - style sheets are still saved in XML format.

using DevExpress.XtraReports.Configuration;
using System.Windows.Forms;
// ...

public partial class Form1 : Form {
    public Form1() {
        InitializeComponent();
        Settings.Default.StorageOptions.SavingFormat = 
            DevExpress.XtraReports.UI.SerializationFormat.CodeDom;
        Settings.Default.StorageOptions.ShouldKeepLoadingFormat = false;
    }
}

#Enable CodeDOM Deserialization

DevExpress Reports default configuration does not allow you to load reports stored using CodeDOM serialization.

Set Settings.AllowCodeDomLayoutDeserialization to true at application startup to load reports stored using CodeDOM serialization. You can use the following methods:

CodeDomLayoutDeserializationRestrictedException is thrown on an attempt to load reports stored using CodeDOM serialization when AllowCodeDomLayoutDeserialization is false.

See Also