aspnet-devexpress-dot-web-dot-hyperlinkproperties.md
Specifies whether to remove potentially dangerous navigate URLs within a hyperlink column.
Namespace : DevExpress.Web
Assembly : DevExpress.Web.v25.2.dll
NuGet Package : DevExpress.Web
[DefaultValue(DefaultBoolean.Default)]
public DefaultBoolean RemovePotentiallyDangerousNavigateUrl { get; set; }
<DefaultValue(DefaultBoolean.Default)>
Public Property RemovePotentiallyDangerousNavigateUrl As DefaultBoolean
| Type | Default | Description |
|---|---|---|
| DefaultBoolean | Default |
One of the DefaultBoolean enumeration values.
|
Available values:
| Name | Description | Return Value |
|---|---|---|
| True |
The value is true.
|
0
| | False |
The value is false.
|
1
| | Default |
The value is specified by a global option or a higher-level object.
|
2
|
Use the RemovePotentiallyDangerousNavigateUrl property to validate the HyperlinkColumn values to prevent XSS vulnerability.
A secure URL starts with the “http:” or “https:” or doesn’t contain the ‘:’ symbol (relative URLs). Setting the RemovePotentiallyDangerousNavigateUrl property to true removes all potentially dangerous URLs from the <a> HTML element so it is rendered without HREF attribute. If the RemovePotentiallyDangerousNavigateUrl property value is set to Default , the hyperlink column’s navigate url vaidation depends on the BackwardCompatibilitySettings.RemovePotentiallyDangerousNavigateUrlDefaultValue property value.
Note
Note that grid-based controls validate only data source values used in the HyperlinkColumn column and ignore the HyperLinkProperties.NavigateUrlFormatString property.
<dx:GridViewDataHyperLinkColumn FieldName="Link">
<PropertiesHyperLinkEdit RemovePotentiallyDangerousNavigateUrl="True">
</PropertiesHyperLinkEdit>
</dx:GridViewDataHyperLinkColumn>
See Also