SPWeb.AllowUnsafeUpdates to True

To call into the SharePoint object model directly from an InfoPath browser
form and perform updates, you must set SPWeb.AllowUnsafeUpdates to true.

According to the documentation, the SPWeb.AllowUnsafeUpdates property gets or sets a Boolean value that
specifies whether to allow updates to the database as a result of a GET request without requiring a security validation.

The documentation further states the implication of setting SPWeb.AllowUnsafeUpdates to true:
"Setting this property to true opens security risks, potentially introducing cross-site scripting vulnerabilities."

So be sure to set SPWeb.AllowUnsafeUpdates back to false immediately after running the code that calls into the SharePoint object model.
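
One way to guarantee the reset described above, even when the update throws an exception, is to wrap the call in try/finally. This is an added example, not code from the original post; the SafeUpdate class, its method names, and the siteUrl, listTitle and title parameters are hypothetical.

```csharp
using System;
using Microsoft.SharePoint;

// Hypothetical helper class (not part of the SharePoint API).
public static class SafeUpdate
{
    // Runs 'update' with AllowUnsafeUpdates enabled and always turns it
    // back off afterwards, so the relaxed validation covers only this call.
    public static void Run(SPWeb web, Action<SPWeb> update)
    {
        if (web == null) throw new ArgumentNullException("web");
        if (update == null) throw new ArgumentNullException("update");

        try
        {
            web.AllowUnsafeUpdates = true;
            update(web);
        }
        finally
        {
            // Executes on success and on exception alike.
            web.AllowUnsafeUpdates = false;
        }
    }

    // Example caller: adds one item to a list from form code-behind.
    // siteUrl, listTitle and title are assumed inputs supplied by the form.
    public static void AddListItem(string siteUrl, string listTitle, string title)
    {
        using (SPSite site = new SPSite(siteUrl))
        using (SPWeb web = site.OpenWeb())
        {
            Run(web, delegate(SPWeb w)
            {
                SPList list = w.Lists[listTitle];
                SPListItem item = list.Items.Add();
                item["Title"] = title;
                item.Update();
            });
        }
    }
}
```

Keeping the update inside the delegate makes the window in which the property is true as short as the write itself.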
