Customize SharePoint 2016 On-Premise with Script Editor for Intranet


Hi Everyone,

Aim: I am writing in to seek your expertise and advice on SharePoint Script Editor. Specifically, how, if any,

1) Does the use of Script Editor amount to SharePoint customization?

2) Will Script Editor compromise SharePoint security?

Background:

I am using Script Editor on SharePoint 2016 On-Premise SP2 to develop a front-end interface for our stakeholders to filter business data for our Intranet. I achieved my goal via

1) Uploaded bootstrap.js/bootstrap.css/jQuery.js in a document library

2) Stored business data via Custom List

3) Leveraged on SharePoint JavaScript API (https://docs.microsoft.com/en-us/previous-versions/office/developer/sharepoint-2010/hh185007(v%3Doff...) and jQuery to draw data from custom list and process the data and display the results on the SharePoint page.

4) Embed the entire HTML code via "Script Editor" of a SharePoint page.

Questions:

1) What constitutes SharePoint customization?

Since Script Editor is a SharePoint out of the box web part, does using it amount to SharePoint customization?

2) What are the types of SharePoint Customization? (Full trust solution vs client side scripting)

I believe full trust solution refers to .NET and C# code that is deployed on the SharePoint server. I am using Script Editor which is client side programming and I believe it's not a full trust solution.

3) Does customization via Script Editor affect SharePoint Intranet performance?

My web application filters data from the SharePoint custom list and displays all the related data in the web page. I have estimated the number of concurrent users to be 30-50 pax at any time. Therefore, will such a use case impact our SharePoint Intranet performance, given that our Intranet is specced to support around ~500 staff?

4) Can I migrate Script Editor customization easily from SharePoint 2016 on-Premise to SharePoint 2019 on-premise?

Am I right to assume the effort required for the migration of SharePoint customization via Script Editor comprises

1) Recreating the document library in SharePoint 2019

2) Recreating the custom list in SharePoint 2019

3) Copying and pasting the existing code from the SharePoint 2016 Script Editor as is to SharePoint 2019 Script Editor.

5) Will Script Editor compromise our intranet cyber security?

My JavaScript does 3 functions

1) CRUD of data from SharePoint list via SharePoint JavaScript API

2) Filter data from SharePoint list

3) Identify related data from other SharePoint list and display it on the webpage

Our IT dept had limited staff from uploading JS files. Only dept web masters with full control rights can access "Script Editor".

What are the cyber risks associated with Script Editor? Specifically, can Script Editor be used to perform XSS? How can I work with our IT dept to mitigate these risks?

6) Can SharePoint Framework be deployed like "Script Editor"?

Based on https://docs.microsoft.com/en-us/sharepoint/dev/spfx/sharepoint-framework-overview, I believe it's similar to a full trust solution where I will not have access to the SP server.

7) Will Script Editor be phased out in future SharePoint and replaced by SPFX?

Thank you all for your time and hope to hear from you soon.

0 Replies
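
As an added example (not part of the original post): the script described above filters one list, joins related data from another and writes the result into the page, which is the point where list content becomes markup. The sketch below HTML-encodes every value before building the rows; the list names, fields and data are constructed, and plain objects stand in for values already read through the SharePoint JavaScript API.

```javascript
// Constructed sample data; list and field names are hypothetical.
// One Title holds markup to show what encoding does to it.
const projects = [
  { Id: 1, Title: "Budget 2020", Dept: "Finance" },
  { Id: 2, Title: "<img src=x onerror=alert(1)>", Dept: "Finance" },
  { Id: 3, Title: "Onboarding", Dept: "HR" },
];
const contacts = [
  { ProjectId: 1, Name: "A. Tan" },
  { ProjectId: 2, Name: "O'Neil & Co" },
];

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value == null ? "" : value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Filter one list, look up related rows in the other, and build table rows.
// Every list value passes through escapeHtml before it reaches the markup.
function renderRows(items, related, dept) {
  const byProject = new Map();
  for (const r of related) {
    if (!byProject.has(r.ProjectId)) byProject.set(r.ProjectId, []);
    byProject.get(r.ProjectId).push(r.Name);
  }
  return items
    .filter((item) => item.Dept === dept)
    .map((item) => {
      const names = (byProject.get(item.Id) || []).map(escapeHtml).join(", ");
      return `<tr data-id="${escapeHtml(item.Id)}"><td>${escapeHtml(item.Title)}</td><td>${names}</td></tr>`;
    })
    .join("");
}

// The same rows built by plain concatenation, shown only for contrast:
// the stored markup survives intact and would be parsed by the browser.
function renderRowsUnsafe(items, dept) {
  return items
    .filter((item) => item.Dept === dept)
    .map((item) => "<tr><td>" + item.Title + "</td></tr>")
    .join("");
}

console.log(renderRows(projects, contacts, "Finance"));
```

In the browser, setting values with jQuery's `.text()` or the DOM `textContent` property gives the same encoding without building HTML strings.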