ASPxWebDocumentViewer.AllowURLsWithJSContent Property
SECURITY NOTE
Setting this property to true
may introduce security-related issues because report scripts are not secure. Review the following topic to learn how to protect websites from cross-site scripting (XSS) attacks: Scripts Security.
Specifies whether or not the execution of the JavaScript code placed in URLs is allowed.
Namespace: DevExpress.XtraReports.Web
Assembly: DevExpress.XtraReports.v24.1.Web.WebForms.dll
NuGet Package: DevExpress.Web.Reporting
Declaration
Property Value
Type | Default | Description |
---|---|---|
Boolean | false | true, to allow the execution of the JavaScript code placed in URLs; otherwise, false. |
Remarks
By default, in the ASPxWebDocumentViewer, the execution of JavaScript code placed in URLs is prohibited, since this behavior creates the possibility of a phishing attack and makes executing queries from users viewing reports possible.
Enable the AllowURLsWithJSContent
setting when you need to insert JavaScript code into the URL.