The new “Custom Script” (no-script) feature


The purpose of this post is to increase awareness on Custom Script (a.k.a. no script) feature that’s introduced in O365 SharePoint tenants.  We’ll be able to see this option when we visit SharePoint Admin Center site > Settings and scroll down to see the Custom Script section.

 

image

I “boxed” the more information link intentionally as I feel that’s not highly discoverable.  It can be easily reached if we use keywords like “custom script sharepoint online” in our favorite search engines, but not when we search using keywords based on the symptoms we see as a result of this custom script feature.

Here’s the same link, you might want to bookmark it: Turn scripting capabilities on and off.

From the above screen shot we can see that in my SharePoint online tenant, custom script feature is turned ON on personal sites (i.e., Prevent users from running custom script on personal sites) that will not allow users to write scripts using the embed code option for example.  Also notice that custom script feature is turned OFF on self-service created sites (i.e., Allow users to run custom script on self-service created sites).  This means if I create a private site collection, users with appropriate rights should be able to use embed code option and write client-side scripts.  For most of us the options might be obvious, but just wanted to share this out.

The following are the symptoms we would encounter if custom script feature is turned ON (which is BTW the default).

NOTE: Below sections are duplicated from the original link above for quick read.

The following site settings will no longer be available after scripting has been disabled (i.e., the prevent radio button is selected for both personal/self-service created sites).

Site feature

Behavior

Notes

Save Site as Template

No longer available in Site Settings.

You can still build sites from templates created before scripting was disabled.

Save document library as template

No longer available in Library Settings.

You can still build document libraries from templates created before scripting was disabled.

Solution Gallery

No longer available in Site Settings.

You can still use solutions created before scripting was disabled.

Theme Gallery

No longer available in Site Settings.

You can still use themes created before scripting was disabled.

Help Settings

No longer available in Site Settings.

You can still access help file collections available before scripting was disabled.

Sandbox solutions

Solution Gallery will not appear in the Site Settings so you can’t add, manage, or upgrade sandbox solutions.

You can still run sandbox solutions that were deployed before scripting was disabled.

SharePoint Designer

Site Pages: No longer able to update web pages that are not HTML.

Handling List: Create Form and Custom Action will no longer work.

Subsites: New Subsite and Delete Site redirect to the Site Settings page in the browser.

Data Sources: Properties button is no longer available.

You can still open data sources.

 

The following web parts and features are unavailable to site collection owners and site owners after scripting has been disabled.

Web part category

Web part

Blog

Blog Archives

Blog Notifications

Blog Tools

Business Data

Business Data Actions

Business Data Item

Business Data Item Builder

Business Data List

Business Data Related List

Excel Web Access

Indicator Details

Status List

Visio Web Access

Community

About This Community

Join

My Membership

Tools

What’s Happening

Content Rollup

Categories

Project Summary

Relevant Documents

RSS Viewer

Site Aggregator

Sites in Category

Term Property

Timeline

WSRP Viewer

XML Viewer

Document Sets

Document Set Contents

Document Set Properties

Forms

HTML Form Web Part

Media and Content

Content Editor

Script Editor

Silverlight Web Part

Search

Refinement

Search Box

Search Navigation

Search Results

Search-Driven Content

Catalog-Item Reuse

Social Collaboration

Contact Details

Note Board

Organization Browser

Site Feed

Tag Cloud

User Tasks

Master Page Gallery

Can't create or edit master pages

Publishing Sites

Can't create or edit master pages and page layouts

 

Custom properties of app parts missing/does not display

Other than the above list, we’ve also observed that custom properties in app parts would be missing when custom script feature is turned ON (i.e., prevent scripts from running).  The resolution is to turn custom script feature OFF thus allowing scripts to run.  This brings back the missing custom properties in app parts.

 

Unable to upload ASPX files

When custom script feature is turned ON, we might also run into a problem where we are unable to upload ASPX files (JS/HTML files upload just fine).

image

 

Enabling script

To allow scripts, all that we have to do is to ensure we choose allow radio button on the appropriate site collection type we need (personal, self-service created sites).  It takes 24 hours for the change to take effect as pointed out in the above link.

If you run into some other problems that you think should normally work in SharePoint, I’d first give custom script feature a shot! Smile

Hoping the information in this post was helpful.

Comments (2)
  1. Vardhaman says:

    Hi Sridhar,

    Great post!

    You mentioned that when the feature is turned ON, custom scripts are disabled on the self-service created sites. But you also gave an example of a Private Site Collection (which I assume is not self-service created). So does enabling the feature also prevent scripts on regular private site collections on the tenant?

    It would probably be worth mentioning that whether this feature only affects the site collection which is assigned as the self -service site creation host? Or does it affect all the site collections in a Tenant. I think that would clear things up around this a lot.

    Thanks,

    Vardhaman

  2. Hi Vardhaman,

    I see there might be a confusion.  I wrote it based on the first screen shot where custom script is set to allow on self-service created sites.  Private site collections are self-service created sites.  So in order for custom script to not impact private site collections, we need to set it to allow for self-service created site collections as well.

    Hope this clarifies!

    -Sridhar

Comments are closed.

Skip to main content