SPC020203: Avoid setting 'AllowUnsafeUpdates' on SPSite |
SPC020203: Avoid setting 'AllowUnsafeUpdates' on SPSite |
The assembly should not call Microsoft.SharePoint.SPSite.AllowUnsafeUpdates to run make changes to SPSite with a lower security context. Setting this property to true opens security risks, potentially introducing cross-site scripting vulnerabilities.
TypeName: | AvoidCallToAllowUnsafeUpdatesOnSPSite |
CheckId: | SPC020203 |
Severity: | CriticalWarning |
Type: | AssemblyFileReference |
Remove calls to 'Microsoft.SharePoint.SPSite.AllowUnsafeUpdates' to avoid changes with a lower security context. If you need to use it ensure to change the value back to its original state after your operations. See sample below:
Good Practice:
Copyright © 2013 RENCORE AB. All Rights Reserved
Disclaimer: The views and opinions expressed in this documentation and in SPCAF are those of the creators and do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. All trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners. SharePoint Code Analysis Framework, Version 4.5.2.7855, see www.spcaf.com for more information |