What is Cros Site Scripting ?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Difference is
AllowUnsafeUpdates: If your code modifies Windows SharePoint Services data in some way, you may need to allow unsafe updates on the Web site, without requiring a security validation (With out any security login kind of validation) . You can do by setting the AllowUnsafeUpdates property.
RunWithElevatedPrivileges : There are certain object model calls model that require site-administration privileges. To bypass access-denied error, we use RunWithElevatedPrivileges property when request is initiated by a nonprivileged user. We can successfully make calls into the object model by calling the RunWithElevatedPrivileges method provided by the SPSecurity class.
No comments:
Post a Comment