Skip to main content

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

ScriptPermissionManager.GlobalInstance Property

SECURITY NOTE

Report scripts are not secure and are disabled by default. We recommend that you use expression bindings to customize your reports. Use scripts only if you trust your reports and you cannot switch to expression bindings.

How to implement secure report scripts

Specifies the script security permission level applied to the application.

Namespace: DevExpress.XtraReports.Security

Assembly: DevExpress.XtraReports.v24.2.dll

NuGet Package: DevExpress.Reporting.Core

#Declaration

public static ScriptPermissionManager GlobalInstance { get; set; }

#Property Value

Type Description
ScriptPermissionManager

A ScriptPermissionManager object.

#Remarks

To specify the report script execution mode for the entire application, perform the following steps:

  1. Instantiate the ScriptPermissionManager class with the specified mode at application startup.
  2. Assign the ScriptPermissionManager instance to the GlobalInstance static property.

The following code snippet disables script execution in a reporting application:

using DevExpress.XtraReports.Security;
using System;
// ...

protected void Application_Start(object sender, EventArgs e) {
    ScriptPermissionManager.GlobalInstance = new ScriptPermissionManager(ExecutionMode.Deny);
}
See Also