ScriptPermissionManager Class

SECURITY-RELATED CONSIDERATIONS

Report scripts are not secure and are disabled by default. We recommend that you use expression bindings to customize your reports. Use scripts only if you trust your reports and you cannot switch to expression bindings.

How to implement secure report scripts

Provides functionality to specify scripting security at the application level.

Namespace : DevExpress.XtraReports.Security

Assembly : DevExpress.XtraReports.v25.2.dll

NuGet Package : DevExpress.Reporting.Core

Declaration

• C#
• VB.NET

public class ScriptPermissionManager

Public Class ScriptPermissionManager

Related API Members

The following members return ScriptPermissionManager objects:

• ScriptPermissionManager.GlobalInstance

Remarks

To specify the report script execution mode for the entire application, perform the following steps:

1. Instantiate the ScriptPermissionManager class with the specified mode at application startup.
2. Assign the ScriptPermissionManager instance to the GlobalInstance static property.

The following code snippet disables script execution in a reporting application:

• C#
• VB.NET

using DevExpress.XtraReports.Security;
using System;
// ...

protected void Application_Start(object sender, EventArgs e) {
    ScriptPermissionManager.GlobalInstance = new ScriptPermissionManager(ExecutionMode.Deny);
}

Imports DevExpress.XtraReports.Security
Imports System
' ...

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    ScriptPermissionManager.GlobalInstance = New ScriptPermissionManager(ExecutionMode.Deny)
End Sub

Inheritance

Object ScriptPermissionManager

See Also

ScriptPermissionManager Members

Scripts - Security Considerations

DevExpress.XtraReports.Security Namespace