How to: Mark Controls as Safe Controls
For security, SharePoint differentiates between Web controls that are protected against script injection and Web controls that are not. Protected controls, or safe controls, can be accessed by untrusted users. You can mark controls as safe in the Safe Control Entries property of a SharePoint project item or in the Package Designer when you add an assembly to the package. For more information, see
web.config file Settings Change and Registering a Web Part Assembly as a Safe Control.
Important
These procedures are for illustrative purposes. Mark controls safe only if you are certain that they are secure.
Marking Safe Controls in the Safe Control Entries Property
To mark controls as safe or unsafe in the Safe Control Entries property
Create a SharePoint solution with a Visual Web Part project.
Add two controls to the Web part: a text box and a button. Leave the names at their default values, TextBox1 and Button1, respectively.
Add two entries to the Web part's Safe Control Entries property. To do this, choose the ellipsis () button next to the Safe Control Entries property in the Properties window.
The Safe Control Entries dialog box appears.
In the Safe Control Entries dialog box, choose the Add button twice to add two safe control entries to the Members pane: one for the button and one for the text box.
Choose the first safe control entry, and then change the value of its Safe property to False, its Type Name property to Button1, and its Safe Against Script property to False.
This step identifies the button control as an unsafe control.
Choose the second safe control entry in the list. Leave the value of its Safe property as True and set its Type Name property to TextBox1 and its Safe Against Script property to True.
The text box control is now marked as a control that is safe against script injection.
Choose the OK button to close the dialog box.
Marking Safe Controls in the Package Designer
To mark controls as safe or unsafe in the Package Designer
Create a SharePoint solution with a Visual Web Part project.
Add two controls to the Web part: a text box and a button. Leave the names at their default values, TextBox1 and Button1, respectively.
Take note of the namespace of the control because it is used later.
On the menu bar, choose Build, Build Solution to build the project.
Create another SharePoint solution.
In Solution Explorer, open the shortcut menu for the Package.Package file, and then choose Open to open the Package Designer.
In the Package Designer, choose the Advanced tab.
Under Additional Assemblies, choose the Add button, and then choose Add Existing Assembly from the list.
In the Add Existing Assembly dialog box, choose the ellipsis () button next to Source Path.
Choose the assembly from the SharePoint solution that you created in Step 1, and then choose the Open button.
For this example, leave the Deployment Target option as GlobalAssemblyCache.
This step causes the assembly to deploy to the system Global Assembly Cache (GAC). If you want the assembly to deploy to the Web application (Bin) folder, select that option instead. For more information, see Deploying Web Parts in SharePoint Foundation.
In the Safe Controls box, choose the Click here to add a new item button.
Enter the values for the properties from the following table.
Property Name
Value
Namespace
The fully-qualified namespace for the control, such as BdcModelProject1.VisualWebPart1.
Type Name
Button1
Assembly Name
A strong assembly name, such as: Microsoft.Office.SharePoint.ClientExtensions, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c.
Safe
Clear the Safe check box.
Safe Against Script
Leave the Safe Against Script check box clear.
Note
The Assembly Name value for assemblies added through the Advanced tab of the Package Designer cannot be a token, it must be a strongly-named assembly. For more information, see Creating and Using Strong-Named Assemblies.
Choose the Tab key to create another safe control entry.
Choose the Click here to add a new item button again.
Enter the values for the properties from the following table.
Property Name
Value
Namespace
The fully-qualified namespace for the control, such as BdcModelProject1.VisualWebPart1.
Type Name
TextBox1
Assembly Name
A strong assembly name, such as: Microsoft.Office.SharePoint.ClientExtensions, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c.
Safe
Select the Safe check box.
Safe Against Script
Select the Safe Against Script check box.
Choose the Tab key, and then choose the OK button to close the dialog box.
See Also
Concepts
Providing Packaging and Deployment Information in Project Items