tag:blogger.com,1999:blog-691739770978360344.post6061491712597062003..comments2023-03-16T02:22:53.208-07:00Comments on KWizCom SharePoint Blog: Sandbox solutions - Good or Bad?Igor Goldshtaubhttp://www.blogger.com/profile/11454162751899721014noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-691739770978360344.post-4254334154490199702012-07-15T03:58:25.120-07:002012-07-15T03:58:25.120-07:00Ryan,
Thank you very much for comment about Split ...Ryan,<br />Thank you very much for comment about Split Page Rendering System.<br /><br />I didn't understand before i read about Split Rendering, why i see in fiddler two resposnses. First correct and other empty.<br />On screen i see empty one.<br /><br />So this table is very importnat:<br /><br />Unmergable Type<br /> Implications and Remarks<br /> <br />ClientScriptManager <br /> Sandboxed code should not write to the ClientScript property. However, client-side script can be registered with the page in other ways. For example, you could embed the script as a LiteralControl and add it to a control collection in a CreateChildControls() method.<br /> <br />ScriptManager <br /> Sandboxed code should not add a ScriptManager object to the controls collection of any object.<br /> <br />Cache <br /> Sandboxed code should not write to the Cache property.<br /> <br />MasterPage <br /> Sandboxed code should not write to the Master property. However, it can point the page to a different master page by writing to the MasterPageFile property.<br /> <br />HttpSessionState <br /> Sandboxed code should not write to the Session property.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-691739770978360344.post-67545152570353636392011-10-20T06:28:09.788-07:002011-10-20T06:28:09.788-07:00Hi Ryan,
My point exactly! blocking this and many...Hi Ryan,<br /><br />My point exactly! blocking this and many other APIs serve no purpose from the sandbox goals:<br />1. it does not help security<br />2. does not allow you to "braech" the site collection sandbox scope<br />3. does not help server performance or stability<br /><br />In any way I look at it - this and many more APIs that are not working are to say the least - a design bug.<br /><br />I expected at least to have another channel through special sandbox API that will expose those options, or like you said to get a real exception - but now... left with just banging the head against the screen...<br /><br />BTW, the real reason is, just, that the entire "Page" object is inaccessible.Shai Petelhttps://www.blogger.com/profile/15299015261603781984noreply@blogger.comtag:blogger.com,1999:blog-691739770978360344.post-46430230992926646682011-10-20T04:00:20.199-07:002011-10-20T04:00:20.199-07:00Shai, Stopping Page.ClientScript.Register* isn'...Shai, Stopping Page.ClientScript.Register* isn't really to do with security but an artefact of how they have implemented sandbox solutions with the "Split Page Rendering System"<br /><br />http://msdn.microsoft.com/en-us/library/gg615454.aspx<br /><br />Still a bit of a cop-out as far as I am concerned - they could merge in clientscript registrations along with page content or the very least throw an exception to stop you scratching your head for an hour when it fails silently...Ryanhttp://www.pentalogic.netnoreply@blogger.com