Microsoft MVP Logo

In the past I've written a lot about the differences between using field controls and Web Parts in SharePoint Server 2007 Publishing sites. For more info, you can read this blog post on the ECM team blog (cross posted here) or my article on MSDN about Prescriptive Guidance for SharePoint Server 2007 Web Content Management Sites. I won't rehash the reasons why you should not use Web Parts for content here... go read those posts for more details...

However, I want to call out one Web Part in particular that causes the most issues in Publishing sites: the Content Editor Web Part (CEWP). AFAIK, this Web Part comes as close to pure evil in Publishing sites as possible for numerous reasons. Links are stored as absolute rather than relative, the content isn't versioned with the page... I could go on. So what to do about it?

Developers and designers creating page layouts have a few options:

  • Don't add any Web Part Zones to page layouts - then you can't use CEWP's, but you can't use other Web Parts that you might want to let your content owners use. Not a terribly good option.
  • Delete the CEWP definition from the site collection's Web Part Gallery - but this isn't fool proof as savvy users could still import the Web Part directly into a Web Part Zone through the browser.

Thankfully there is a better option, one I like to use on most of the sites I create for customers. It is fool proof and still allows the use of desirable Web Parts in content pages. All you do is go into the web.config for the Web application where your Publishing site resides and add an entry to the <SafeControls /> section to flag the CEWP as being unsafe:

<SafeControl Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebPartPages" TypeName="ContentEditorWebPart" Safe="False" />

Now, if you try to add the CEWP to a Web Part Zone, you get this:

CEWP

I've got a Web Application scoped Feature that will do this for you. The WSP, and source if you're interested, is up on MSDN Code Gallery: http://code.msdn.microsoft.com/ProhibitCEWP. The Feature looks like this once the solution is deployed:

CEWP2

Activating adds the <SafeControl /> entry to the web.config and deactivating removes it.

» MSDN Code Gallery: Prohibit Content Editor Web Part (*.WSP solution and source)

Comments powered by Disqus