In SharePoint Environment a developer can add ASPX file very easily. An ASPX file contains code which may affect the SharePoint environment. In simple words, there might be a security risk of security injection.
In this blog, we will see what is a safe control in SharePoint.
To reduce the risk, SharePoint differentiates the assembly which needs to protect against script injection. This can be done by marking a control as “Safe Control” in the SharePoint web.config file.
Code snippet of Safe Control:
SharePoint>
<SafeControls>
<SafeControl Assembly=”[Assembly Name]” Namespace=”[Namespace]” TypeName=”*” Safe=”True” />
</SafeControls>
</SharePoint>
To mark controls as safe or unsafe in the Package Designer
- Create a SharePoint solution with a Visual Web Part project.
- Add two controls to the Web part: a text box and a button. Leave the names at their default values, TextBox1 and Button1, respectively.
- Take note of the namespace of the control because it is used later.
- On the menu bar, choose Build, Build Solution to build the project.
- Create another SharePoint solution.
- In Solution Explorer, open the shortcut menu for the Package.Package file, and then choose Open to open the Package Designer.
- In the Package Designer, choose the Advanced tab.
- Under Additional Assemblies, choose the Add button, and then choose Add Existing Assembly from the list.
- In the Add Existing Assembly dialog box, choose the ellipsis (ASP.NET Mobile Designer ellipse) button next to Source Path.
- Choose the assembly from the SharePoint solution that you created in Step 1, and then choose the Open button.
- For this example, leave the Deployment Target option as GlobalAssemblyCache.
- This step causes the assembly to deploy to the system Global Assembly Cache (GAC). If you want the assembly to deploy to the Web application (Bin) folder, select that option instead. For more information, see Deploying Web Parts in SharePoint Foundation.
- In the Safe Controls box, choose the Click here to add a new item button.
- Enter the values for the properties from the following table.
Property Name | Value |
Namespace | The fully-qualified namespace for the control, such as MyProject.VisualWebPart1. |
Type Name | Button1 |
Assembly Name | A strong assembly name, such as: Microsoft.Office.SharePoint.Client, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71c9bce111e9429c. |
Safe | Clear the Safe checkbox. |
Safe Against Script | Leave the Safe Against Script checkbox clear. |
- Choose the Tab key to create another safe control entry.
- Choose the Click here to add a new item button again.
- After selecting properties, choose the Tab key, and then choose the OK button to close the dialog box.
I hope you like this blog. Please share this on social media.