Breaking Change T989875
Visible to All Users

In batch edit mode, grid-like controls validate potentially dangerous editor values on the server side

What Changed

The controls raise a server-side exception when end users enter a potentially dangerous text to a string field in batch edit mode and then save changes. Potentially dangerous text is a text that can be converted to HTML with unsafe tags. For example, "<" and ">" symbols would be converted to html tags.

Reasons for Change

In previous versions, the controls have not validated potentially dangerous editor values.

Impact on Existing Apps

This change affects your application and validates all editor values before saving them to the database in batch edit mode.

How to Change the Default Behavior

We've introduced the ASPxWebControl.BackwardCompatibility.ValidatePotentiallyDangerousValuesInBatchEditMode property whose default value is true. Set this property to false to return to the previous behavior.

C#
void Application_Start(object sender, EventArgs e) { ASPxWebControl.BackwardCompatibility.ValidatePotentiallyDangerousValuesInBatchEditMode = false; }
Visual Basic 6
Private Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs) ASPxWebControl.BackwardCompatibility.ValidatePotentiallyDangerousValuesInBatchEditMode = False End Sub

Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.