ActiveReports 18 .NET Edition
Developers / Create Designer and Viewer Applications / Js Viewer Application / Prevent Cross-Site Scripting Attacks
In This Topic
    Prevent Cross-Site Scripting Attacks
    In This Topic

    ActiveReports allows pre-processing of all links from reports. To prevent possible attacks and if you do not trust report authors, we recommend that you add processing of hyperlinks as demonstrated in the code example below:

    Startup.cs
    Copy Code
    app.UseReportViewer(settings =>
        {
            settings.UseFileStore(ReportsDirectory);
            settings.ProcessHyperlink = link =>
            {
                if (!Uri.TryCreate(link, UriKind.RelativeOrAbsolute, out Uri uri))
                    return string.Empty;
                if (uri.IsAbsoluteUri)
                {
                    if (uri.Scheme.ToLowerInvariant() == "javascript")
                        return string.Empty;
                    return uri.AbsoluteUri;
                }
                return uri.ToString();
            };
        })