xtrareports-10011-feature-guide-to-devexpress-reports-store-and-distribute-reports-store-report-layouts-and-documents-xml-serialization.md
In DevExpress Reports v17.1 and higher, XML serialization is the default format for saving reports and report style sheets in all Report Designer versions.
Unlike the legacy CodeDOM serialization, XML serialization protects against harmful code being injected into a report's definition and executed on a client machine when such a report is deserialized.
Important
XML serialization does not protect you from the uncontrolled execution of injected code if an end-user reporting application enables report script execution.
If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.
XML is the only option to serialize reports in applications not deployed under the Full Trust permission level.
Use the following methods to save reports and report style sheets to XML and safely load them in a Report Designer:
Tip
See the following documents to learn more about how to save and load reports:
You can serialize custom properties by marking them with the [XtraSerializableProperty] attribute.
The following examples illustrate a more advanced way to serialize more complex custom objects with XML (such as custom data sources, custom parameters, or third-party controls added to a report using WinControlContainer):
The version numbers for serialized custom libraries are maintained automatically. If you encounter problems when serializing your new assembly versions to XML, you can align their version numbers in one of the following ways:
Add a bindingRedirect tag to your project’s App.config file:
Handle the AppDomain.CurrentDomain.AssemblyResolve event in your application:
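One way to write such a handler so that it redirects only your own libraries is sketched below. This is an added example, not code from the DevExpress documentation; the class name `ReportAssemblyRedirect` and the assembly names `MyCompany.CustomReportControls` and `MyCompany.ReportDataSources` are hypothetical. The handler only returns an assembly that is already loaded into the application domain, never loads a file from disk by the requested name, and refuses to substitute an assembly signed with a different key.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

static class ReportAssemblyRedirect
{
    // Hypothetical simple names of the custom libraries that saved report layouts reference.
    static readonly HashSet<string> Redirected =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "MyCompany.CustomReportControls",
            "MyCompany.ReportDataSources"
        };

    // Call once at application startup, before any report layout is loaded.
    public static void Register()
    {
        AppDomain.CurrentDomain.AssemblyResolve += OnAssemblyResolve;
    }

    static Assembly OnAssemblyResolve(object sender, ResolveEventArgs args)
    {
        // args.Name is the full display name stored in the layout (name, version, culture, token).
        var requested = new AssemblyName(args.Name);

        // Redirect only the known custom libraries; every other failed bind still fails.
        if (!Redirected.Contains(requested.Name))
            return null;

        byte[] requestedToken = requested.GetPublicKeyToken() ?? new byte[0];

        foreach (Assembly loaded in AppDomain.CurrentDomain.GetAssemblies())
        {
            AssemblyName candidate = loaded.GetName();
            if (!string.Equals(candidate.Name, requested.Name, StringComparison.OrdinalIgnoreCase))
                continue;

            // A different version is accepted, a different signer is not.
            byte[] candidateToken = candidate.GetPublicKeyToken() ?? new byte[0];
            if (requestedToken.SequenceEqual(candidateToken))
                return loaded;
        }

        return null; // No loaded match: let the runtime report the bind failure.
    }
}
```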