CodeDOM Serialization

  • 2 minutes to read

The Code Document Object Model (CodeDOM) serialization is a legacy approach to storing DevExpress report layouts and report style sheets. A report engine compiles and executes all code contained in a report’s definition file when the report layout is being restored from CodeDOM.


We recommend switching to XML serialization instead if your application still uses CodeDOM serialization.

CodeDOM serialization is not protected against injecting harmful code into a report’s definition and executing it on a client machine when deserializing a report.

This is the main reason why XML serialization has become the default format for saving reports and report style sheets in recent Report Designer versions.

Review the following topic for information on security issues related to report storage and distribution: Reporting Security.

Consider other CodeDOM limitations that do not apply to XML serialization:

See the following documents to learn about the recommended approaches to saving and loading reports:

Enabling CodeDOM Serialization

When your application’s reports require CodeDOM serialization, and you are not concerned with the resulting security implications, you can switch to CodeDOM (for saving both newly created reports and reports restored from XML definitions). These settings do not affect report style sheet serialization (they are still saved in XML format):

using DevExpress.XtraReports.Configuration;
using System.Windows.Forms;
// ...

public partial class Form1 : Form {
    public Form1() {
        Settings.Default.StorageOptions.SavingFormat = 
        Settings.Default.StorageOptions.ShouldKeepLoadingFormat = false;
See Also