- Introduction
- Report Readers
- Report Authors
- DevOps
-
Developers
- Quick Start
- Breaking Changes
- ActiveReports Version Compatibility and Migration
- License ActiveReports
- Configure ActiveReports Using Code
- Work with Reports using Code
- Report Parts
-
Create Designer and Viewer Applications
- .NET Viewer Application
- Web Viewer and Web Designer Middlewares
-
Js Viewer Application
- ASP.NET MVC Core Integration
- Integration to Angular Application
- Integration to React Application
- Integration to VueJS Application
- Load Reports
- Switch Between Render Formats
- Update Security Token in Report Service
- Caching Reports
- Prevent Cross-Site Scripting Attacks
- Customize UI
- Customize Page View
- Animation
- View Reports from Different Domains using CORS
- Predefined Export Settings
- Js Viewer API
- ASP.NET WebViewer Application
- Blazor Viewer Application
- WebDesigner Application
- Blazor WebDesigner Application
- End User Report Designer in WinForms Application
- Themes in WebDesigner and Js Viewer Components
- Role Based Authorization with JWT
- Extensibility in ActiveReports
- External Customizations in ActiveReports
- Export Reports
- Print Reports
- Plugins Development
- Samples
- Troubleshooting
Prevent Cross-Site Scripting Attacks
ActiveReports allows pre-processing of all links from reports. To prevent possible attacks and if you do not trust report authors, we recommend that you add processing of hyperlinks as demonstrated in the code example below:
app.UseReportViewer(settings =>
{
settings.UseFileStore(ReportsDirectory);
settings.ProcessHyperlink = link =>
{
if (!Uri.TryCreate(link, UriKind.RelativeOrAbsolute, out Uri uri))
return string.Empty;
if (uri.IsAbsoluteUri)
{
if (uri.Scheme.ToLowerInvariant() == "javascript")
return string.Empty;
return uri.AbsoluteUri;
}
return uri.ToString();
};
})