Skip to main content

ASPxWebDocumentViewer.AllowURLsWithJSContent Property

SECURITY NOTE

Setting this property to true may introduce security-related issues because report scripts are not secure. Review the following topic to learn how to protect websites from cross-site scripting (XSS) attacks: Scripts Security.

Specifies whether or not the execution of the JavaScript code placed in URLs is allowed.

Namespace: DevExpress.XtraReports.Web

Assembly: DevExpress.XtraReports.v24.1.Web.WebForms.dll

NuGet Package: DevExpress.Web.Reporting

Declaration

[DefaultValue(false)]
public bool AllowURLsWithJSContent { get; set; }

Property Value

Type Default Description
Boolean false

true, to allow the execution of the JavaScript code placed in URLs; otherwise, false.

Remarks

By default, in the ASPxWebDocumentViewer, the execution of JavaScript code placed in URLs is prohibited, since this behavior creates the possibility of a phishing attack and makes executing queries from users viewing reports possible.

Enable the AllowURLsWithJSContent setting when you need to insert JavaScript code into the URL.

See Also