Skip to main content

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

ASPxWebDocumentViewer.AllowURLsWithJSContent Property

SECURITY NOTE

Setting this property to true may introduce security-related issues because report scripts are not secure. Review the following topic to learn how to protect websites from cross-site scripting (XSS) attacks: Scripts Security.

Specifies whether or not the execution of the JavaScript code placed in URLs is allowed.

Namespace: DevExpress.XtraReports.Web

Assembly: DevExpress.XtraReports.v24.2.Web.WebForms.dll

NuGet Package: DevExpress.Web.Reporting

#Declaration

[DefaultValue(false)]
public bool AllowURLsWithJSContent { get; set; }

#Property Value

Type Default Description
Boolean false

true, to allow the execution of the JavaScript code placed in URLs; otherwise, false.

#Remarks

By default, in the ASPxWebDocumentViewer, the execution of JavaScript code placed in URLs is prohibited, since this behavior creates the possibility of a phishing attack and makes executing queries from users viewing reports possible.

Enable the AllowURLsWithJSContent setting when you need to insert JavaScript code into the URL.

See Also