Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This is fairly undocumented piece of information which I have got from this blog
https://www.bluedoglimited.com/SharePointThoughts/ViewPost.aspx?ID=242
I havn't tried it myself, so I cannot gaurantee its completeness. I am posting it
here for the sake of interest and community .....
In the web.config file in the Sharepoint virtual directory contains the following section:
<Sharepoint>
<SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">
<PageParserPaths>
</PageParserPaths>
</SafeMode>
:
</Sharepoint>
By default the node <PageParserPaths> is empty. You can add <PageParserPath> nodes to specify the
virtual paths where you want to allow server side scripts:
<PageParserPaths>
<PageParserPath VirtualPath="/pages/*" CompilationMode="Always" AllowServerSideScript="true" IncludeSubFolders="true"/>
</PageParserPaths>
Where CompilationMode is one of the following values:
Always |
The page should always be compiled (default value) |
Auto |
ASP.NET will not compile the page, if possible. |
Never |
The page or control should never be dynamically compiled. |
I assume that the AllowServerSideScript and IncludeSubFolders flags speak for themselves.
Be
careful with the virtual paths you specify in your PageParserPaths.
Anyone that can modify or add a page to the virtual path can insert
code that will be executed server side with no restrictions.
A
good location to specify as a PageParserPath is the location where you
store your masterpages, for example /_catalogs/masterpage. You can now
add server side script to your masterpages, which makes it available in
all pages using this masterpage.
<PageParserPaths>
<PageParserPath
VirtualPath="/_layouts/masterpage/*" CompilationMode="Always"
AllowServerSideScript="true" IncludeSubFolders="true"/>
</PageParserPaths>