Wednesday, October 17, 2012

Differences between SafeMode and Asp.net parser


Each .aspx page is rendered by one of two possible parsers. When a request comes for an .aspx page, sharepoint isapi filter will determine who will handle serve the request for rendering the page ASP.NET or the Sharepoint Safemode parser.

The first parser, ASP.NET, requires the least amount of introduction. The second parser is unique to Windows Sharepoint Services(WSS).

Here we need to know concept of ghosting and unghosting.

In Sharepoint some pages lies in physical folder of server i.e, _layouts or _vti_bin virtual directories. These page are accessible for across the application in sharepoint and known as ghosted pages.
And the pages which is stored in content DB and serves by the sharepoint when requested is known as unghosted page. These files are not stored in file system.

From a technical standpoint, ghosted pages are those rows in the docs table which have null values for the Content column and a non-null value for the Setup Path column which points to a file on the file system itself. The referenced file essentially serves as a template and content source.

Asp.net will parse a page on first render and compile it into an assembly. The SafeMode parser does NOT compile pages. It is designed to interpretatively parse a page and create the object structure of the page. In the event inline server-side code is detected, the SafeMode parser will not allow the page to render.

The SafeMode parser ensures unghosted pages are not allowed to run code. This security feature prevents a user from injecting code into page which may maliciously, or unintentionally, bring down a server, snoop data, etc.

SafeMode parser was designed to be serve as replacement for the Asp.net parser, it does not offer identical functionality. The key differences between the two parsers are listed below:
  • SafeMode does not offer AspCompat functionality.
  • SafeMode does not compile; therefore, all compilation   directives are ignored.
  • Session State exists; however, in SafeMode once you turn it on, all unghosted pages are forced to participate in Session State. Unghosted pages do NOT have the option to opt out of using Session State.

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)