
CodeDOM Serialization

Code Document Object Model (CodeDOM) serialization is a legacy approach to storing DevExpress report layouts and report style sheets. When a report layout is restored from CodeDOM, the report engine compiles and executes all code contained in the report's definition file.


We recommend switching to XML serialization instead if your application still uses CodeDOM serialization.

CodeDOM serialization is not protected against injecting harmful code into a report's definition and executing it on a client machine when deserializing a report.

This is the main reason why XML Serialization has become the default format for saving reports and report style sheets in recent Report Designer versions.

See Reporting Security for more information on security considerations related to storing and distributing DevExpress reports.
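
A pre-load check that follows from the warning above, as an added example that is not DevExpress code: it accepts a stored layout only if the whole stream is one well-formed XML document, so a source-code (CodeDOM) definition is rejected before any loader can compile it. The names `ReportLayoutGate` and `Classify`, the size limit and the sample strings are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

public enum LayoutKind { Xml, NotXml }

// Added example (hypothetical helper, not part of DevExpress Reporting).
public static class ReportLayoutGate
{
    // Returns Xml only when the entire stream parses as a single XML document.
    // Anything else, including C#/VB source written by CodeDOM serialization,
    // is NotXml and must not be handed to a report loader.
    public static LayoutKind Classify(Stream layout)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // reject DTDs and entity expansion
            XmlResolver = null,                     // never fetch external resources
            MaxCharactersInDocument = 50000000      // constructed limit; tune to your reports
        };
        try
        {
            // The reader leaves the stream open; the caller rewinds it
            // (Position = 0) and loads these same bytes, not a re-read of the file.
            using (var reader = XmlReader.Create(layout, settings))
            {
                while (reader.Read()) { } // parse to the end so trailing junk is caught
                return LayoutKind.Xml;
            }
        }
        catch (XmlException)
        {
            return LayoutKind.NotXml; // not XML, malformed, or contains a DTD
        }
    }

    public static void Main()
    {
        // Constructed samples, not real report files.
        string xmlSample = "<Report Name=\"Sample\"><Bands /></Report>";
        string codeSample = "public class Report1 { public Report1() { /* would run on load */ } }";
        foreach (var sample in new[] { xmlSample, codeSample })
        {
            using (var ms = new MemoryStream(Encoding.UTF8.GetBytes(sample)))
                Console.WriteLine(Classify(ms));
        }
    }
}
```

The check is a filter in front of the loader, not a replacement for loading through an XML-only path: a file that passes should still be restored with XML serialization only.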

Consider other CodeDOM limitations that do not apply to XML serialization:

See the following documents to learn about the recommended approaches to saving and loading reports:

Enabling CodeDOM Serialization

When your application's reports require CodeDOM serialization, and you are not concerned with the resulting security implications, you can switch to CodeDOM (for saving both newly created reports and reports restored from XML definitions). These settings do not affect report style sheet serialization (style sheets are still saved in XML format):
