DevExpress Office PDF File控件用于生成、编辑和转换不依赖于Microsoft Office或Adobe Acrobat的文档DOCx、XLSx、PDF、PPTx构建主详细信息报表引入AI支持的文档分析和密码保护信息。在接下来的系列文章中我将为大家一一介绍DevExpress Office PDF File v26.1在新版本中的更新亮点希望能帮助到大家~欢迎点赞关注哦不定期更新~DevExpress新旧版本帮助文档下载可进QQ qun获取169725316安全增强功能为了改进基于DevExpress Office PDF File API的解决方案的安全态势DevExpress官方在v26.1发行周期中引入了以下突破性的更改。这些更改强制实施安全文档处理最佳实践并帮助减轻与不可信文档相关的风险。安全ZIP策略DevExpress新的Zip安全策略 DevExpress.Utils.Zip.SecureZipPolicy 使用资源限制、硬块和加密规则保护应用程序免受与ZIP相关的攻击用户可以局配置资源限制也可以为单个操作配置资源限制SecureZipPolicy.TrustBoundaryViolation事件允许记录、监视和审核TrustBoondary违规。FIPS法规遵从性实施DevExpress API现在检测操作系统级FIPS强制并在文档处理开始之前引发OperatingSystemLevelFipsMode.ComplianceViolationException。异常包括违规详细信息、解决建议并在工作流的早期提出以防止不符合要求的加密操作。更安全的文档DOCx、XLSx…处理v26.1为DevExpress Word Processing Document API和Spreadsheet API添加了更安全的文档处理这两个库都包括一个专用的、可配置的安全层用于从不受信任的源用户上传、电子邮件附件和第三方集成加载文档的应用程序。更安全的文档处理解决了三个与安全相关的注意事项安全加载限制- 在完全解析文档之前拒绝超过结构阈值的文档危险内容删除- 在加载操作期间去除活动威胁如宏、嵌入对象和危险链接隐私清理- 在共享/存档文档之前删除元数据、修订历史记录和隐藏内容这些功能满足了受监管行业GDPR、HIPAA和SOX的文档安全要求。安全加载限制使用Options.SecurityLoadingLimits配置文档限制当文档超过限制时触发SecurityLoadingLimitExceeded事件。在事件处理程序中设置e.Handledtrue来在发生冲突的情况下继续加载操作对于仅记录日志的方案或分段卷展栏有用。文档处理API您可以为以下文档特征配置阈值允许的最大文件大小字节文档所有部分的最大XML元素总数任何XML元素的最大嵌套深度文档中的最大段落数最大表数所有表中的最大行数文档部分的最大数量子文档页眉、页脚、文本框和类似的嵌入文档元素的最大数量以下代码段设置DevExpress Word Processing API的安全加载限制C#using DevExpress.XtraRichEdit; var wordProcessor new RichEditDocumentServer(); var securityLimits wordProcessor.Options.SecurityLoadingLimits; securityLimits.MaxFileSize 50 * 1024 * 1024; // 50 MB securityLimits.MaxParagraphCount 100_000; securityLimits.MaxTableCount 1_000; securityLimits.MaxXmlElementDepth 128; wordProcessor.SecurityLoadingLimitExceeded (sender, e) { Console.WriteLine($Limit exceeded: {e.PropertyName}); e.Handled false; // abort loading }; wordProcessor.LoadDocument(incoming.docx);Spreadsheet Document API您可以为以下工作簿特征配置阈值允许的最大文件大小字节工作簿所有部分的最大XML元素总数任何XML元素的最大嵌套深度工作簿中的最大工作表数每个工作表的最大行数每个工作表的最大列数每个工作表的最大单元格数工作簿中的最大图表数以下代码段设置DevExpress Spreadsheet Document API的安全加载限制C#using DevExpress.Spreadsheet; var workbook new Workbook(); var securityLimits workbook.Options.SecurityLoadingLimits; securityLimits.MaxFileSize 150 * 1024 * 1024; // 150 MB securityLimits.MaxWorksheetCount 50; securityLimits.MaxSheetCellCount 500_000; securityLimits.MaxChartCount 10; workbook.SecurityLoadingLimitExceeded (_, e) { Console.WriteLine($Limit exceeded: {e.PropertyName}); e.Handled false; // abort loading }; workbook.LoadDocument(upload.xlsx);不安全内容去除使用Options.SecurityLoadingOptions加载文档时可以自动删除危险内容。每个选项都以特定的危险类别为目标并在检测到匹配的内容时触发SecurityLoadingOptionsViolation事件在事件处理程序中设置e.Handledfalse来删除检测到的内容。Word Processing Document API可以删除以下内容类型具有危险URL协议javascript:、vbscript:、file://直接本地文件系统访问和UNC路径网络共享路径如\\server\share的超链接用户可以将相同的协议安全规则应用于浮动对象和图像中的内联超链接和链接使用受限协议如file://的映像引用OLE对象链接和嵌入对象ActiveX控件宏INCLUDEPICTURE和DDE动态数据交换字段自定义XML以下代码段在使用DevExpress Word Processing API时删除潜在的危险内容C#using DevExpress.XtraRichEdit; var wordProcessor new RichEditDocumentServer(); var securityOptions wordProcessor.Options.SecurityLoadingOptions; securityOptions.RestrictedHyperlinkRemovalMode RestrictedHyperlinkRemovalMode.Full; securityOptions.RemoveRestrictedLinks true; securityOptions.RemoveExternalImages true; securityOptions.RemoveOleObjects true; securityOptions.RemoveActiveXContent true; securityOptions.RemoveMacros true; securityOptions.RemoveDDEFields true; securityOptions.RemoveIncludePictureFields true; securityOptions.RemoveCustomXMLParts true; wordProcessor.SecurityLoadingOptionsViolation (sender, e) { Console.WriteLine($Dangerous content found: {e.PropertyName}); e.Handled false; // false remove the content }; wordProcessor.LoadDocument(external_submission.docm);Spreadsheet Document API可以删除以下内容类型OLE对象ActiveX控件宏自定义XML部件受限制的公式外部工作簿数据透视缓存存储在工作簿中的外部数据连接ODBC连接、web查询等以下代码段在使用DevExpress Spreadsheet Document API时删除潜在的危险内容C#using DevExpress.Spreadsheet; var workbook new Workbook(); var securityOptions workbook.Options.SecurityLoadingOptions; securityOptions.RemoveMacros true; securityOptions.RemoveActiveXContent true; securityOptions.RemoveOleObjects true; securityOptions.RemoveRestrictedFormulas true; securityOptions.RemoveExternalWorkbooks true; securityOptions.RemoveExternalConnections true; securityOptions.RemovePivotCaches true; securityOptions.RemoveCustomXMLParts true; workbook.SecurityLoadingOptionsViolation (_, e) { Console.WriteLine($Dangerous content found: {e.PropertyName}); e.Handled false; // false remove the content }; workbook.LoadDocument(financial_model.xlsm);隐私处理v26.1包括用于DevExpress Word Processing Document API 的RichEditDocumentServer.Sanitize(WordProcessingSanitizeOptions)和用于Spreadsheet API的Workbook.Sanitize(WorkbookSanitizeOptions) 在共享、发布或存档文档/文件之前调用这些方法从文档中删除个人数据和内部组织信息。这两个方法都返回结构化清理结果其中包括检测到的内容类型和应用的操作WordProcessingSanitizeResult 和WorkbookSanitizeResult。Sanitization API包括以下内容类别元数据 - 文档属性作者、标题、公司和自定义字段修订历史记录 - 跟踪的更改、注释和其他修订数据隐藏内容 - 隐藏文本/行/列以下代码段在导出之前清理Word文档C#using DevExpress.XtraRichEdit; var wordProcessor new RichEditDocumentServer(); wordProcessor.LoadDocument(contract_draft.docx); var options new WordProcessingSanitizeOptions(); options.TrackChanges TrackChangesSanitizeMode.Accept; options.Metadata MetadataRemovalScope.All; options.RemoveCustomXmlParts true; options.RemoveMacros true; options.HiddenText HiddenContentSanitizeMode.MakeVisible; options.RemoveActiveXContent true; options.RemoveComments true; options.InvisibleText InvisibleContentSanitizeMode.Remove; options.RemoveOleObjects true; var findings wordProcessor.Sanitize(options); foreach (var f in findings) Console.WriteLine(${f.Type}: {f.Action}); wordProcessor.SaveDocument(contract_for_distribution.docx, DocumentFormat.OpenXml);以下代码段在导出之前清理电子表格C#using DevExpress.Spreadsheet; var workbook new Workbook(); workbook.LoadDocument(financial_model.xlsm); var options new WorkbookSanitizeOptions { Metadata MetadataRemovalScope.All, HiddenSheets HiddenContentSanitizeMode.MakeVisible, HiddenRows HiddenContentSanitizeMode.Remove, HiddenColumns HiddenContentSanitizeMode.Remove, InvisibleCellText WhiteOnWhiteContentSanitizeMode.Remove, RemoveComments true, RemoveThreadedComments true, RemoveSharedWorkbookHistory true }; var findings workbook.Sanitize(options); foreach (var f in findings) Console.WriteLine(${f.Type}: {f.Action}); workbook.SaveDocument(financial_model_clean.xlsm, DocumentFormat.Xlsx);审视前检查文件内容在清理之前请检查文档/工作簿以识别内容类型。新的RichEditDocumentServerInspectRichEditDocumentServer.Inspect(WordProcessingInspectOptions) 和 Workbook.Inspect(WorkbookInspectOptions)方法扫描加载的文件并返回检测到的集。调用以下方法当中的一个根据检测到的内容类型创建清理选项WordProcessingInspectResult.CreateSanitizeOptions()WorkbookInspectResult.CreateSanitizeOptions()WordProcessingSanitizeOptions.FromInspectResult(WordProcessingInspectResult)WorkbookSanitizeOptions.FromInspectResult(WorkbookInspectResult)将这些选项传递给RichEditDocumentServer.Sanitize() 或 Workbook.Sanitize() 来删除私有内容。C#using DevExpress.XtraRichEdit; var wordProcessor new RichEditDocumentServer(); wordProcessor.LoadDocument(submission.docm); // Inspect first — discover what is present without modifying anything WordProcessingInspectResult inspectResult wordProcessor.Inspect(WordProcessingInspectOptions.All); Console.WriteLine($Detected: {string.Join(, , inspectResult.ContentTypes)}); // Build sanitize options targeting only what was found WordProcessingSanitizeOptions sanitizeOptions inspectResult.CreateSanitizeOptions(); var findings wordProcessor.Sanitize(sanitizeOptions); Console.WriteLine(${findings.Count} finding(s) removed.); wordProcessor.SaveDocument(submission_clean.docx, DocumentFormat.OpenXml);以下代码段在清理之前检查电子表格的内容C#using DevExpress.Spreadsheet; var workbook new Workbook(); workbook.LoadDocument(financial_model.xlsm); // Inspect first — discover what is present without modifying anything var inspectResult workbook.Inspect(WorkbookInspectOptions.All); Console.WriteLine($Detected: {string.Join(, , inspectResult.ContentTypes)}); // Build sanitize options targeting only what was found var sanitizeOptions inspectResult.CreateSanitizeOptions(); var findings workbook.Sanitize(sanitizeOptions); Console.WriteLine(${findings.Count} finding(s) removed.); workbook.SaveDocument(financial_model_clean.xlsm, DocumentFormat.Xlsx);