Privacy Sanitization

Remove author names, tracked changes, comments, hidden text, and hidden worksheets from loaded documents before they are shared or archived. DevExpress Office & PDF File API generates a structured findings list — ready to use as your GDPR or HIPAA audit trail record.

Security Loading Limits

Reject files that exceed specified or predefined thresholds for file size, XML depth, element count, and other document structure metrics.

Dangerous Content Removal

Strip VBA macros, ActiveX controls, OLE objects, DDE fields, restricted formulas, external workbook references, and other active threats at load time.

Build Regulatory Compliant Applications

Integrate Safer Document Processing capabilities into your next great app and comply with document security requirements for major regulatory frameworks.

GDPR

General Data Protection Regulation

HIPAA

Health Insurance Portability and Accountability Act

PCI DSS

Payment Card Industry Data Security Standard

SOX

Sarbanes-Oxley Act

BASEL III

Basel Committee on Banking Supervision

GLBA

Gramm-Leach-Bliley Act

Reject Malicious Files Before Parsing Data

If your application allows user uploads or accesses files stored in third-party sources, specify security loading limits to reject malicious files. Deeply nested structures, inflated element counts, and oversized files are common attack vectors. With Safer Document Processing, you define acceptable limits and block documents that exceed them before parsing begins.
Use recommended defaults or modify limits to fit your environment.

Supported APIs
Word Processing API

Define size and complexity limits for incoming Word documents and reject files that exceed them before parsing begins. Protect your servers from resource exhaustion caused by malformed or intentionally abusive files, with no changes to how you load legitimate documents.

Excel Spreadsheet API

Malicious workbooks can be structurally extreme in ways that do not correlate with their data. Thousands of worksheets, millions of cells, deeply nested XML structures, and outsized file sizes are all patterns associated with resource exhaustion attacks. Set your own thresholds for what your application accepts and reject files that exceed them before processing begins.

  • C#
using System.IO;
using DevExpress.XtraRichEdit;

using var wordProcessor = new RichEditDocumentServer();
var securityLoadingLimits = wordProcessor.Options.SecurityLoadingLimits;
securityLoadingLimits.MaxFileSize = 50 * 1024 * 1024;
securityLoadingLimits.MaxParagraphCount = 100_000;
securityLoadingLimits.MaxTableCount = 1_000;
securityLoadingLimits.MaxXmlElementDepth = 128;

// auditLog is your application's audit logger; it is not defined in this snippet.
wordProcessor.SecurityLoadingLimitExceeded += (_, e) => {
    auditLog.Record($"Rejected: {e.PropertyName}");
    e.Handled = false; // abort loading
};

using var inputStream = new MemoryStream(File.ReadAllBytes("incoming.docx"));
wordProcessor.LoadDocument(inputStream, DocumentFormat.Docx);
  • C#
using System.IO;
using DevExpress.Spreadsheet;

using var workbook = new Workbook();
var securityLoadingLimits = workbook.Options.SecurityLoadingLimits;
securityLoadingLimits.MaxFileSize = 150 * 1024 * 1024;
securityLoadingLimits.MaxWorksheetCount = 50;
securityLoadingLimits.MaxSheetCellCount = 500_000;
securityLoadingLimits.MaxChartCount = 10;

// auditLog is your application's audit logger; it is not defined in this snippet.
workbook.SecurityLoadingLimitExceeded += (_, e) => {
    auditLog.Record($"Rejected: {e.PropertyName}");
    e.Handled = false; // abort loading
};

using var inputStream = new MemoryStream(File.ReadAllBytes("upload.xlsx"));
workbook.LoadDocument(inputStream, DocumentFormat.Xlsx);
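The kind of pre-parse structural check that loading limits describe, shown as an added example that is not DevExpress code and does not call the DevExpress API. It generalizes beyond Word and Excel to any OOXML (ZIP) package using only the .NET base class library; `PackageGate`, its parameters, and the limit labels it returns are hypothetical names, and the sample package is constructed inline.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Xml;

// Constructed sample: a one-part package whose XML nests 200 elements deep.
using var sample = new MemoryStream();
using (var zip = new ZipArchive(sample, ZipArchiveMode.Create, leaveOpen: true))
using (var writer = new StreamWriter(zip.CreateEntry("word/document.xml").Open()))
    writer.Write(string.Concat(Enumerable.Repeat("<a>", 200).Concat(Enumerable.Repeat("</a>", 200))));
sample.Position = 0;
var verdict = PackageGate.Check(sample, 50L * 1024 * 1024, 1_000, 500L * 1024 * 1024, 128, 1_000_000);
Console.WriteLine(verdict ?? "accepted");

// Hypothetical helper (not a DevExpress API): returns the limit that was exceeded, or null.
static class PackageGate
{
    public static string? Check(Stream package, long maxBytes, int maxEntries,
                                long maxExpandedBytes, int maxDepth, long maxElements)
    {
        if (package.Length > maxBytes) return "file size"; // requires a seekable stream
        var xml = new XmlReaderSettings
            { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null, CloseInput = true };
        try
        {
            using var zip = new ZipArchive(package, ZipArchiveMode.Read, leaveOpen: true);
            if (zip.Entries.Count > maxEntries) return "entry count";
            long expanded = 0, elements = 0;
            foreach (var entry in zip.Entries)
            {
                // Declared uncompressed size: a cheap first filter against zip bombs.
                if ((expanded += entry.Length) > maxExpandedBytes) return "expanded size";
                bool isXml = entry.FullName.EndsWith(".xml", StringComparison.OrdinalIgnoreCase)
                          || entry.FullName.EndsWith(".rels", StringComparison.OrdinalIgnoreCase);
                if (!isXml) continue;
                using var reader = XmlReader.Create(entry.Open(), xml);
                while (reader.Read()) // streaming read: no DOM is built
                {
                    if (reader.NodeType != XmlNodeType.Element) continue;
                    if (reader.Depth >= maxDepth) return "XML depth";
                    if (++elements > maxElements) return "element count";
                }
            }
            return null;
        }
        catch (Exception ex) when (ex is InvalidDataException or XmlException) { return "malformed package"; }
    }
}
```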

Strip Active Threats at Load Time

Documents from untrusted sources may contain active content that executes code or accesses external resources.
With Safer Document Processing, you can detect and mitigate load-time threats — macros, embedded objects,
external links, and network-based formulas. And you can specify content types you wish to remove. If necessary,
write code that processes or logs each occurrence individually.

Supported APIs
Word Processing API

Detect and handle active content in Word documents: macros, embedded objects from other applications, fields that fetch remote resources, and hyperlinks pointing to dangerous protocols. Specify content types to be removed, process individual occurrences, and create an operation log.

Excel Spreadsheet API

Identify threats in Excel workbooks: macros, network-based formulas, links to external workbooks, pivot tables with sensitive cached snapshots, external database connections, and embedded objects. Specify content types to be removed, process individual occurrences, and create an operation log.

  • C#
using System.IO;
using DevExpress.XtraRichEdit;

using var wordProcessor = new RichEditDocumentServer();
var securityLoadingOptions = wordProcessor.Options.SecurityLoadingOptions;
securityLoadingOptions.RestrictedHyperlinkRemovalMode
    = RestrictedHyperlinkRemovalMode.Full;
securityLoadingOptions.RemoveOleObjects = true;
securityLoadingOptions.RemoveActiveXContent = true;
securityLoadingOptions.RemoveMacros = true;
securityLoadingOptions.RemoveDDEFields = true;
securityLoadingOptions.RemoveIncludePictureFields = true;
securityLoadingOptions.RemoveCustomXMLParts = true;

// auditLog is your application's audit logger; it is not defined in this snippet.
wordProcessor.SecurityLoadingOptionsViolation += (_, e) => {
    auditLog.Record($"Removed: {e.PropertyName}");
    e.Handled = true; // true = remove the content
};

using var inputStream = new MemoryStream(File.ReadAllBytes("submission.docm"));
wordProcessor.LoadDocument(inputStream, DocumentFormat.Docm);
  • C#
using System.IO;
using DevExpress.Spreadsheet;

using var workbook = new Workbook();
var securityLoadingOptions = workbook.Options.SecurityLoadingOptions;
securityLoadingOptions.RemoveMacros = true;
securityLoadingOptions.RemoveActiveXContent = true;
securityLoadingOptions.RemoveOleObjects = true;
securityLoadingOptions.RemoveRestrictedFormulas = true;
securityLoadingOptions.RemoveExternalWorkbooks = true;
securityLoadingOptions.RemoveExternalConnections = true;
securityLoadingOptions.RemovePivotCaches = true;
securityLoadingOptions.RemoveCustomXMLParts = true;

// auditLog is your application's audit logger; it is not defined in this snippet.
workbook.SecurityLoadingOptionsViolation += (_, e) => {
    auditLog.Record($"Removed: {e.PropertyName}");
    e.Handled = true; // true = remove the content
};

using var inputStream = new MemoryStream(File.ReadAllBytes("financial_model.xlsm"));
workbook.LoadDocument(inputStream, DocumentFormat.Xlsm);

Inspect and Sanitize Documents Before Sharing or Archiving

Office documents often contain personal data that's not immediately visible — author information, revision history,
comments, and internal paths. With Safer Document Processing, you can strip such content from a document
before you share a file with others.

Metadata

Clear information about the author, last contributor, organization, revision number, total editing time, application name and version.

Tracked Changes & Comments

Accept or reject all pending revisions and remove reviewer attribution from the document. Remove classic comments and modern comment threads.

Hidden Content

Detect and handle content invisible in an editor: paragraphs and text ranges marked as hidden, text with foreground color that matches the background, hidden worksheets and rows.

Compliance & Audit Logging

Every sanitization run returns a structured log that you can attach to a GDPR disclosure record, a HIPAA audit package, or a SOX internal controls report. See the compliance coverage table below and learn how log content maps to specific regulatory requirements.

Inspect Documents

Scan documents before sharing to detect hidden metadata, tracked changes, comments, invisible content, and other sensitive information. Review structured findings first and generate targeted sanitization options based on detected risks. This inspection-first workflow helps you understand exactly what private or compliance-sensitive content exists before modifying the document.

Code Examples
Sanitize Word Files

Strip personal data and organizational metadata before sharing a Word document. Accept or reject all pending tracked changes to remove reviewer attribution. Remove comments, hidden text, and text made invisible through color matching. Every run returns a structured findings list you can attach to a GDPR compliance log, HIPAA audit package, or SOX internal controls report.

Sanitize Excel Spreadsheets

Strip personal data and organizational metadata before sharing an Excel workbook. Remove comments, threaded comments, and shared workbook change history. Expose or delete hidden sheets, rows, and columns. Remove cells with invisible text. Every run returns a structured findings list suitable as a GDPR or audit compliance record.

Inspect Word/Excel Before Sanitizing

Before removing anything, inspect a document to discover which content types are present. Use the results to report on document contents, prompt the user before committing to a sanitization pass, or build sanitize options that target only what was found. Inspection never modifies the document.

  • C#
using System.Collections.Generic;
using System.IO;
using DevExpress.XtraRichEdit;

using var wordProcessor = new RichEditDocumentServer();
using var inputStream = new MemoryStream(File.ReadAllBytes("Document.docm"));
wordProcessor.LoadDocument(inputStream, DocumentFormat.Docm);

//...
// Word — all options (equivalent to CreateStrict())
var options = new WordProcessingSanitizeOptions {
    Metadata             = MetadataRemovalScope.All,
    RemoveComments       = true,
    RemoveCustomXmlParts = true,
    RemoveActiveXContent = true,
    RemoveMacros         = true,
    RemoveOleObjects     = true,
    TrackChanges         = TrackChangesSanitizeMode.Reject,
    HiddenText           = HiddenContentSanitizeMode.Remove,
    InvisibleText        = InvisibleContentSanitizeMode.Remove
};

// Returns a structured findings list — use as an audit record
IList<WordProcessingSanitizeResult> findings = wordProcessor.Sanitize(options);

// auditLog is your application's audit logger; it is not defined in this snippet.
foreach (var f in findings)
    auditLog.Record($"{f.Type}: {f.Action}");

using var sanitizedStream = new MemoryStream();
wordProcessor.SaveDocument(sanitizedStream, DocumentFormat.Docm);
  • C#
using System.Collections.Generic;
using System.IO;
using DevExpress.Office;
using DevExpress.Spreadsheet;

using var workbook = new Workbook();
using var inputStream = new MemoryStream(File.ReadAllBytes("Template.xlsm"));
workbook.LoadDocument(inputStream, DocumentFormat.Xlsm);

//...
// Excel — selective: expose hidden structure, strip metadata
var options = new WorkbookSanitizeOptions {
    Metadata                    = MetadataRemovalScope.All,
    HiddenSheets                = HiddenContentSanitizeMode.MakeVisible,
    HiddenRows                  = HiddenContentSanitizeMode.Remove,
    HiddenColumns               = HiddenContentSanitizeMode.Remove,
    InvisibleCellText           = InvisibleContentSanitizeMode.Remove,
    RemoveComments              = true,
    RemoveThreadedComments      = true,
    RemoveSharedWorkbookHistory = true,
    RemoveExternalConnections   = true
};

IList<WorkbookSanitizeResult> findings = workbook.Sanitize(options);

// auditLog is your application's audit logger; it is not defined in this snippet.
foreach (var f in findings)
    auditLog.Record($"{f.Type}: {f.Action}");

using var sanitizedStream = new MemoryStream();
workbook.SaveDocument(sanitizedStream, DocumentFormat.Xlsx);
  • C#
using System;
using System.IO;
using DevExpress.XtraRichEdit;
using DevExpress.Spreadsheet;

// Word — inspect then sanitize only what was found
using var wordProcessor = new RichEditDocumentServer();
using var wordInputStream = new MemoryStream(File.ReadAllBytes("Submission.docm"));
wordProcessor.LoadDocument(wordInputStream,
    DevExpress.XtraRichEdit.DocumentFormat.Docm);

WordProcessingInspectResult wordInspect =
    wordProcessor.Inspect(WordProcessingInspectOptions.All);

Console.WriteLine($"Detected: {string.Join(", ", wordInspect.ContentTypes)}");

WordProcessingSanitizeOptions wordOptions = wordInspect.CreateSanitizeOptions();
var wordFindings = wordProcessor.Sanitize(wordOptions);

Console.WriteLine($"{wordFindings.Count} finding(s) removed.");

using var wordSanitizedStream = new MemoryStream();
wordProcessor.SaveDocument(wordSanitizedStream,
    DevExpress.XtraRichEdit.DocumentFormat.Docx);


// Excel — inspect then sanitize only what was found
using var workbook = new Workbook();
using var xlInputStream = new MemoryStream(File.ReadAllBytes("Sample.xlsm"));
workbook.LoadDocument(xlInputStream, DevExpress.Spreadsheet.DocumentFormat.Xlsm);

WorkbookInspectResult xlInspect = workbook.Inspect(WorkbookInspectOptions.All);

Console.WriteLine($"Detected: {string.Join(", ", xlInspect.ContentTypes)}");

WorkbookSanitizeOptions xlOptions = xlInspect.CreateSanitizeOptions();
var xlFindings = workbook.Sanitize(xlOptions);

foreach (var result in xlFindings)
    Console.WriteLine($"Content type: {result.Type}, Action taken: {result.Action}");

using var xlSanitizedStream = new MemoryStream();
workbook.SaveDocument(xlSanitizedStream, DevExpress.Spreadsheet.DocumentFormat.Xlsx);
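A post-sanitization check you can run on the saved output before release, as an added example that is not DevExpress code: it re-opens the OOXML package with the .NET base class library and reports active-content parts or author metadata that are still present. `ResidualCheck` and its part-name list are assumptions of this example, based on the conventional part names Office writes, and the sample package is constructed inline.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

// Constructed sample: a package that still carries a macro project and an author name.
using var sample = new MemoryStream();
using (var zip = new ZipArchive(sample, ZipArchiveMode.Create, leaveOpen: true))
{
    zip.CreateEntry("word/vbaProject.bin");
    using var w = new StreamWriter(zip.CreateEntry("docProps/core.xml").Open());
    w.Write($"<cp:coreProperties xmlns:dc='{ResidualCheck.Dc}' xmlns:cp='{ResidualCheck.Cp}'>" +
            "<dc:creator>Sample Author</dc:creator></cp:coreProperties>");
}
sample.Position = 0;
foreach (var finding in ResidualCheck.Find(sample)) Console.WriteLine(finding);

// Hypothetical helper (not a DevExpress API): lists content that survived sanitization.
static class ResidualCheck
{
    public static readonly XNamespace Dc = "http://purl.org/dc/elements/1.1/";
    public static readonly XNamespace Cp =
        "http://schemas.openxmlformats.org/package/2006/metadata/core-properties";
    // Conventional OOXML part names; packages may use others, so no hits is not proof.
    static readonly string[] ActiveParts =
        { "vbaProject.bin", "/activeX/", "/embeddings/", "/externalLinks/", "/xl/connections.xml" };

    public static List<string> Find(Stream package)
    {
        var findings = new List<string>();
        var xml = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using var zip = new ZipArchive(package, ZipArchiveMode.Read, leaveOpen: true);
        foreach (var entry in zip.Entries)
        {
            string name = "/" + entry.FullName.Replace('\\', '/');
            if (ActiveParts.Any(p => name.IndexOf(p, StringComparison.OrdinalIgnoreCase) >= 0))
                findings.Add($"active content part: {entry.FullName}");
            if (!name.Equals("/docProps/core.xml", StringComparison.OrdinalIgnoreCase)) continue;
            using var reader = XmlReader.Create(entry.Open(), xml);
            var root = XDocument.Load(reader).Root;
            foreach (var field in new[] { Dc + "creator", Cp + "lastModifiedBy" })
                if (!string.IsNullOrWhiteSpace(root?.Element(field)?.Value))
                    findings.Add($"metadata still set: {field.LocalName}");
        }
        return findings;
    }
}
```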

Regulatory Frameworks at a Glance

Each regulation maps to specific DevExpress Office & PDF File API capabilities. Use the following table to review regulatory requirements and identify how these capabilities help you produce compliant documents.

 
| Regulation | Primary Concern | Loading Limits | Dangerous Content Removal | Privacy Sanitization |
| --- | --- | --- | --- | --- |
| GDPR | Personal data in metadata, revision history, and hidden content | | OLE/ActiveX removal | Required — metadata, tracked changes, hidden content |
| HIPAA | PHI leakage through macros, document properties, and revision history | ✔ Availability requirement | ✔ Macro, OLE, external link removal | ✔ Metadata, comments, tracked changes |
| SOX | Financial document integrity; tamper-proof audit trail | ✔ Structure validation | ✔ Formula blocking, external workbook removal | ✔ Sanitization log supports Section 404 documentation |
| Basel III | Financial model integrity for regulatory reporting | ✔ Protects large dataset processing | ✔ Formula validation, macro removal | Recommended |
| PCI DSS | Cardholder data in document properties and content | Recommended | ✔ Macro, OLE, external link removal | ✔ Metadata removal |
| GLBA | Consumer financial information | Recommended | ✔ Macro removal, formula validation | ✔ Metadata sanitization |