What are the security implications of enabling custom scripts?

%3CLINGO-SUB%20id%3D%22lingo-sub-1552545%22%20slang%3D%22en-US%22%3EWhat%20are%20the%20security%20implications%20of%20enabling%20custom%20scripts%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1552545%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3CBR%20%2F%3EI%20am%20trying%20to%20understand%20the%20security%20implications%20of%20enabling%20custom%20scripts%20in%20a%20SharePoint%20Online%20site%20collection.%26nbsp%3BThis%20is%20also%20covered%20in%20the%20Microsoft%20document%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fsecurity-considerations-of-allowing-custom-script%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fsecurity-considerations-of-allowing-custom-script%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20are%20the%20implications%3F%3CBR%20%2F%3Ee.g.%20upload%20an%20aspx%20page%20that%20uses%20JavaScript%20to%20access%20API's%20present%20on%20the%20platform%20(e.g.%20Graph%20API).%3C%2FP%3E%3CP%3EAre%20custom%20scripts%20intentionally%20disabled%20in%20your%20tenants%3F%3C%2FP%3E%3CP%3Ethanks%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EPaul%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1552545%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Frequent Contributor

Hi,
I am trying to understand the security implications of enabling custom scripts in a SharePoint Online site collection. This is also covered in the Microsoft document

https://docs.microsoft.com/en-us/sharepoint/security-considerations-of-allowing-custom-script

 

What are the implications?
e.g. upload an aspx page that uses JavaScript to access API's present on the platform (e.g. Graph API).

Are custom scripts intentionally disabled in your tenants?

thanks,


Paul

0 Replies