Skip to main content

CodeDOM Serialization

  • 2 minutes to read

The Code Document Object Model (CodeDOM) serialization is a legacy way to store DevExpress report layouts and report style sheets. A report engine compiles and executes all code contained in a report’s definition file when the report layout is being restored from CodeDOM.


We recommend switching to XML serialization instead if your application still uses CodeDOM serialization.

CodeDOM serialization is not protected against the injection of harmful code into a report’s definition and the execution of this code on a client machine when a report is deserialized.

This is the main reason why XML serialization has become the default format for saving reports and report style sheets in recent Report Designer versions.

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

CodeDOM requires the full .NET Framework to be installed on a machine. The DevExpress.XtraReports.Extensions assembly is not available under the Client Profile.

See the following documents to learn about the recommended techniques to save and load reports:

Enabling CodeDOM Serialization

When your application’s reports require CodeDOM serialization, and you are not concerned with the resulting security implications, you can switch to CodeDOM (which saves both newly created reports and reports restored from XML definitions). These settings do not affect report style sheet serialization (style sheets are still saved in XML format):

using DevExpress.XtraReports.Configuration;
using System.Windows.Forms;
// ...

public partial class Form1 : Form {
    public Form1() {
        Settings.Default.StorageOptions.SavingFormat = 
        Settings.Default.StorageOptions.ShouldKeepLoadingFormat = false;
See Also