Skip to main content

XtraReport.LoadLayout(Stream) Method

SECURITY NOTE

Do not open/load files obtained from untrusted sources. Such files may pose a security risk. Please review the following article for additional information: Suppress Control Requests to Download Data from External URLs

Loads a report from a Stream that contains XML or CodeDOM-based serialized report.

Namespace: DevExpress.XtraReports.UI

Assembly: DevExpress.XtraReports.v24.2.dll

NuGet Package: DevExpress.Reporting.Core

Declaration

public void LoadLayout(
    Stream stream
)

Parameters

Name Type Description
stream Stream

A Stream object that contains the report serialization data.

Remarks

TheLoadLayout method allows you to deserialize a report from XML or CodeDOM-based serialization data created with the following methods:

TheLoadLayout method automatically determines whether the specified file contains a serialized XML or CodeDOM-based report and uses the appropriate procedure to load the report. For security reasons, you may decide to use the XtraReport.LoadLayoutFromXml(Stream) method instead, to load only XML-serialized reports.

Note

Deserialization of reports received from untrusted parties can trigger the execution of malicious code, which can either be directly embedded in the report definition or contained in an external assembly referenced by the report.

To avoid this, we recommend that you use XML serialization instead of CodeDOM (so that reports can be safely deserialized using the XtraReport.LoadLayoutFromXml method instead of the less secure LoadLayout method) and prevent any untrusted third-party libraries from being available on the server.

The CodeDOM serialization is not supported under the Full Trust permission level, and XML serialization is the only option to save reports.

Review the following topics for more information:

See Also