ActiveReports allows pre-processing of all links from reports. To prevent possible attacks and if you do not trust report authors, we recommend that you add processing of hyperlinks as demonstrated in the code example below:
Startup.cs |
Copy Code
|
---|---|
app.UseReportViewer(settings => { settings.UseFileStore(ReportsDirectory); settings.ProcessHyperlink = link => { if (!Uri.TryCreate(link, UriKind.RelativeOrAbsolute, out Uri uri)) return string.Empty; if (uri.IsAbsoluteUri) { if (uri.Scheme.ToLowerInvariant() == "javascript") return string.Empty; return uri.AbsoluteUri; } return uri.ToString(); }; }) |