CodeDOM Serialization
Code Document Object Model (CodeDOM) serialization is a legacy approach to storing DevExpress report layouts and report style sheets. When a report layout is restored from CodeDOM, the report engine compiles and executes all code contained in the report’s definition file.
Important
If your application still uses CodeDOM serialization, we recommend switching to XML serialization instead.
CodeDOM serialization offers no protection against harmful code being injected into a report’s definition and then executed on a client machine when the report is deserialized.
This is the main reason why XML serialization has become the default format for saving reports and report style sheets in recent Report Designer versions.
See Reporting Security for more information on security considerations related to storing and distributing DevExpress reports.
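One way to keep CodeDOM definitions away from the loader is to accept a definition file only when it parses as well-formed XML. The following is an added example, not DevExpress code; the `ReportLayoutGate` class, its `IsXmlLayout` method, and the sample strings are hypothetical, and the check confirms only the file format, not what the XML contains.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

// Added example (not DevExpress code): let a report definition through only if
// it is well-formed XML, so a CodeDOM (source code) definition is never handed
// to a loader that would compile and execute it.
public static class ReportLayoutGate {
    // Returns true when the stream holds a well-formed XML document.
    public static bool IsXmlLayout(Stream layout) {
        var settings = new XmlReaderSettings {
            DtdProcessing = DtdProcessing.Prohibit, // reject DTDs and entity tricks
            XmlResolver = null,                     // never fetch external resources
            CloseInput = false                      // caller still needs the stream
        };
        try {
            using (var reader = XmlReader.Create(layout, settings)) {
                while (reader.Read()) { }           // walk the whole document
            }
            return true;
        } catch (XmlException) {
            return false; // source code, truncated XML, empty file, or a DTD
        } finally {
            if (layout.CanSeek) layout.Position = 0; // rewind for the real loader
        }
    }

    public static void Main() {
        // Constructed samples, not real report definition files.
        string xmlSample = "<?xml version=\"1.0\" encoding=\"utf-8\"?><Layout Name=\"Report1\" />";
        string codeSample = "public class Report1 { public Report1() { } }";

        foreach (string sample in new[] { xmlSample, codeSample }) {
            using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(sample))) {
                Console.WriteLine(IsXmlLayout(stream)
                    ? "XML definition: pass it to the XML loader"
                    : "Rejected: not an XML definition");
            }
        }
    }
}
```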
Consider other CodeDOM limitations that do not apply to XML serialization:
- It is not available for applications deployed under Medium Trust.
- It requires the full .NET Framework to be installed on a machine. The DevExpress.XtraReports.Extensions assembly is not available under the Client Profile.
See the following documents to learn about the recommended approaches to saving and loading reports:
Enabling CodeDOM Serialization
When your application’s reports require CodeDOM serialization, and you are not concerned with the resulting security implications, you can switch to CodeDOM (for saving both newly created reports and reports restored from XML definitions). These settings do not affect report style sheet serialization (style sheets are still saved in XML format):

using DevExpress.XtraReports.Configuration;
using System.Windows.Forms;
// ...
public partial class Form1 : Form {
    public Form1() {
        InitializeComponent();
        // Save reports in CodeDOM format instead of the default XML format.
        Settings.Default.StorageOptions.SavingFormat =
            DevExpress.XtraReports.UI.SerializationFormat.CodeDom;
        // Apply the saving format to reports restored from XML definitions as well.
        Settings.Default.StorageOptions.ShouldKeepLoadingFormat = false;
    }
}