CodeDOM Serialization

Code Document Object Model (CodeDOM) serialization is a legacy way to store DevExpress report layouts and report style sheets. When a report layout is restored from CodeDOM, the report engine compiles and executes all code in the report's definition file.

Important

We recommend switching to XML serialization instead if your application still uses CodeDOM serialization.

CodeDOM serialization is not protected against the injection of harmful code into a report's definition. Injected code is executed on the client machine when the report is deserialized.

This is the main reason why XML serialization has become the default format for saving reports and report style sheets in recent Report Designer versions.

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

CodeDOM requires the full .NET Framework to be installed on the machine. The DevExpress.XtraReports.Extensions assembly is not available under the Client Profile.

See the following documents to learn about the recommended techniques to save and load reports:

Enable CodeDOM Serialization

If your application's reports require CodeDOM serialization, and you have considered the associated security implications, you can switch to CodeDOM. This setting affects both newly created reports and reports restored from XML definitions. Note that this setting does not affect report style sheet serialization: style sheets are still saved in XML format.

using DevExpress.XtraReports.Configuration;
using System.Windows.Forms;
// ...

public partial class Form1 : Form {
    public Form1() {
        InitializeComponent();
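        // Save report layouts as CodeDOM instead of the default XML format.
        Settings.Default.StorageOptions.SavingFormat =
            DevExpress.XtraReports.UI.SerializationFormat.CodeDom;
        // false: reports restored from XML definitions are also saved as CodeDOM.
        Settings.Default.StorageOptions.ShouldKeepLoadingFormat = false;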
    }
}

Enable CodeDOM Deserialization

The default DevExpress Reports configuration does not allow you to load reports stored using CodeDOM serialization.

Set Settings.AllowCodeDomLayoutDeserialization to true at application startup to load reports stored using CodeDOM serialization. You can use the following methods:

CodeDomLayoutDeserializationRestrictedException is thrown on an attempt to load reports stored using CodeDOM serialization when AllowCodeDomLayoutDeserialization is false.
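The following added example (not DevExpress code) is a separate one-off console utility that converts trusted legacy CodeDOM layouts to XML, so the production application can keep AllowCodeDomLayoutDeserialization at false. Assumptions: the class name, the .repx file pattern, the directory arguments, and access to the flag through Settings.Default as in the snippet above are illustrative.

```csharp
using System;
using System.IO;
using System.Xml;
using DevExpress.XtraReports.Configuration;
using DevExpress.XtraReports.UI;

// Hypothetical migration tool: run it only on layouts whose origin you trust,
// because loading a CodeDOM layout compiles and runs the code stored in it.
static class CodeDomToXmlMigration {
    // A layout counts as XML only if it parses as a well-formed document.
    // DTDs are prohibited so the check cannot resolve external entities.
    static bool IsXmlLayout(string path) {
        var settings = new XmlReaderSettings {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
        try {
            using (XmlReader reader = XmlReader.Create(path, settings)) {
                while (reader.Read()) { }
            }
            return true;
        }
        catch (XmlException) {
            return false; // not XML: treated as a legacy CodeDOM layout
        }
    }

    static int Main(string[] args) {
        string sourceDir = args[0];   // assumed: directory with trusted layouts
        string targetDir = args[1];   // assumed: output directory for XML layouts
        Directory.CreateDirectory(targetDir);

        // Enabled at startup of this utility only (assumed access path).
        Settings.Default.AllowCodeDomLayoutDeserialization = true;

        int converted = 0;
        foreach (string path in Directory.GetFiles(sourceDir, "*.repx")) {
            if (IsXmlLayout(path)) continue; // already XML, nothing to migrate
            using (XtraReport report = XtraReport.FromFile(path, true)) {
                report.SaveLayoutToXml(Path.Combine(targetDir, Path.GetFileName(path)));
            }
            converted++;
        }
        Console.WriteLine("Converted {0} CodeDOM layout(s) to XML.", converted);
        return 0;
    }
}
```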