2

It mentioned that we should set "AllowUnsafeUpdates" to true, when the web object is not created from the SPContext.

However should I still need to set as mentioned below?

SPWeb web = SPContext.Current.Web;
web.AllowUnsafeUpdates = true;

// Perform the list/list item/web update 
web.allowUnsafeUpdates = false;
Karthikeyan
  • 2,548
  • 14
  • 82
  • 142
  • The suggested post does not have the answer, this is still not clear whether to use or not on the above mentioned scenario. – Karthikeyan Apr 14 '15 at 17:49

2 Answers2

1

No. There is no reason to use unsafe updates in your scenario.

Paul Schaeflein
  • 5,048
  • 1
  • 20
  • 29
0

Yes, you will need need to use AllowUnsafeUpdates = true, and afterwards, AllowUnsafeUpdates = false - this is to prevent your from cross-site scripting attacks.

SPWeb.AllowUnsafeUpdates : Gets/Sets a Boolean value that specifies whether to allow updates to the database as a result of a GET request or without requiring a security validation. Whenever your code modifies SharePoint data in some way or Whenever we need to update SharePoint objects like SPWeb, SPList, SPListItem, etc , without requiring a security validation, we need to set SPWeb.AllowUnsafeUpdates = true.

Source

The following stack overflow question provides some additional context on best practice, and use.

Community
  • 1
Quinn Johns
  • 2,375
  • 23
  • 34