0

I have tried to write a code in object model using C#.Net for accessing a sharepoint list items and document library, I have to set allowunsafeupdates property to be true.

Is it massive security problem to the whole site..

Could anyone clarify this ...

Hari Gillala
  • 11,736
  • 18
  • 70
  • 117
  • Check out these articles: [https://hristopavlov.wordpress.com/2008/05/16/what-you-need-to-know-about-allowunsafeupdates/](https://hristopavlov.wordpress.com/2008/05/16/what-you-need-to-know-about-allowunsafeupdates/) [https://hristopavlov.wordpress.com/2008/05/21/what-you-need-to-know-about-allowunsafeupdates-part-2/](https://hristopavlov.wordpress.com/2008/05/21/what-you-need-to-know-about-allowunsafeupdates-part-2/) They are a very thorough look at `AllowUnsafeUpdates` and might answers some question you have. – Jason Evans Oct 24 '10 at 16:17

1 Answers1

1

The biggest risk on setting SPSite.AllowUnsafeUpdates to true is in GET operations because it open your site to cross site scripting.

Have a look to this question for further details on using the true value within a safe pattern usage.

Community
  • 1
  • 1
Lorenzo
  • 29,081
  • 49
  • 125
  • 222