SharePoint 2007 to 2010 Upgrade: CEWP JavaScript Issue

Those of you who will be embarking on the SharePoint 2007 to 2010 upgrade path will want to take note of a relatively minor change to the content editor web (CEWP) part that might make your upgrade difficult.

In SharePoint 2007 you could go into the source view of the content editor web part and embed custom JavaScript into a page for a variety of purposes.   You could also add event handlers, such as onclick, to anchors and other tags being rendered.    This feature allowed power users to create enhanced user experiences with JavaScript and/or jQuery.

In SharePoint 2010 this is no longer possible.  If you attempt to add any JavaScript, including event handlers, to a CEWP you will get a message upon saving that says the HTML may have been modified.   SharePoint 2010 strips out all of the JavaScript and event handlers from the HTML you entered.

So what does this mean for 2007 to 2010 upgrades / migrations?   If you are using the CEWP with JavaScript in 2007 it will most likely upgrade and continue to work without issues until you try to edit the web part or the page containing the web part.  One you try to edit the web part or page, all of the JavaScript will be stripped and you will have no easy way to get it working again.

I should also mention that you will have the same issue with any rich text fields on a publishing page.

So why was this change made?  From what I understand the change was made as a security measure.   There also seems to be no way as an administrator to disable this change in functionality.

So what can be done?  There are a few options:

  1. Put your JavaScript into a text file and upload it to a document library.  Set the properties of the CEWP to load that file.
  2. Export the CEWP to a file and then manually change the contents using a text editor such as notepad.  It appears importing the modified web part does not cause it to strip out JavaScript.   Just be aware that the next time someone tries to edit the web part properties or HTML using the browser all of your JavaScript will disappear.
  3. Use the XML / XSL web part to render out your custom HTML with JavaScript.
  4. Write a custom content editor web part that doesn’t use the out of the box SharePoint Rich Text editor.

If you have come up with other ways to get around the CEWP JavaScript issue, please leave a comment.  I would love to hear your method.

Before going around the safeguards put in place by Microsoft, please make sure you completely understand the potential consequences.

0 thoughts on “SharePoint 2007 to 2010 Upgrade: CEWP JavaScript Issue”

  1. I am pasting javascript on CEWP in 2010 it showing error on allitems.aspx .But it working fine in 2007.

    I am trying for open pdf files in new window or browser in sharepoint 2010.

  2. The CEWP in SharePoint 2010 tries to remove anything it sees as a possible security issue. It also tries to enforce proper XHTML. This sometimes causes manually entered styles or JavaScript to be mangled or deleted. If you really need to use JavaScript you might want to put the code in a text file saved in a document library and then point the CEWP to it. Another option would be to create a custom web part that allows you to specify code that is written to the page as is. Of course, that would introduce potential security issues.

Leave a Reply