I've created a custom property for my web part with the Personalizable(PersonalizationScope.User) attribute. I am changing this property only in the ApplyChanges() method of the EditorPart class. The main problem is that a user with Contribute permission for a site can't save this property when editing the personalized view of a page. The change is applied when the user clicks the OK button on the EditorPart, but after the page postback the value returns to its previous state. Users with Full Control privileges save this property without a problem. If the user has the "Add and Customize Page" privilege, the property is saved too. But then the user can modify the web part in the shared view too. It's bad...

A: 

You need to explicitly change the SafeAgainstScript attribute on the SafeControl tags. This is new in 2010 because of the Client OM. You can't ever be sure that the user won't type malicious JS, so make sure you also encode any input your property takes!

alex talarico
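
A sketch of the two points in the answer above, added here as an example and not code from the original post: the SafeControl entry with SafeAgainstScript set (shown in the header comment) and a web part that HTML-encodes its per-user property on output. The namespace `Contoso.WebParts`, the classes `NoteWebPart` and `NoteEditorPart`, and the `Note` property are hypothetical names, and the assembly version and public key token are left as placeholders.

```csharp
// Added example; all type and property names below are hypothetical.
// web.config entry for the web part assembly (Version/PublicKeyToken are placeholders):
//   <SafeControl Assembly="Contoso.WebParts, Version=..., Culture=neutral, PublicKeyToken=..."
//                Namespace="Contoso.WebParts" TypeName="*"
//                Safe="True" SafeAgainstScript="True" />
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;

namespace Contoso.WebParts
{
    public class NoteWebPart : WebPart
    {
        // Per-user value, changed only through the editor part below.
        [Personalizable(PersonalizationScope.User)]
        public string Note { get; set; }

        public override EditorPartCollection CreateEditorParts()
        {
            var own = new EditorPart[] { new NoteEditorPart { ID = ID + "_noteEditor" } };
            return new EditorPartCollection(base.CreateEditorParts(), own);
        }

        protected override void RenderContents(HtmlTextWriter writer)
        {
            // The value is user-supplied: encode on output so markup or script renders as text.
            writer.Write(HttpUtility.HtmlEncode(Note ?? string.Empty));
        }
    }

    public class NoteEditorPart : EditorPart
    {
        private TextBox _note;

        protected override void CreateChildControls()
        {
            _note = new TextBox { ID = "note", MaxLength = 200 };
            Controls.Add(_note);
        }
        public override bool ApplyChanges()
        {
            EnsureChildControls();
            ((NoteWebPart)WebPartToEdit).Note = _note.Text; // stored raw, encoded at render time
            return true;
        }
        public override void SyncChanges()
        {
            EnsureChildControls();
            _note.Text = ((NoteWebPart)WebPartToEdit).Note;
        }
    }
}
```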