SharePoint's broken as usual

How to enable custom scripts for a SharePoint site collection?

This post was most recently updated on December 4th, 2018.

This article explains how to enable custom scripts for any SharePoint site collection. Different instructions and solutions apply to SharePoint Online, and on-premises scenarios (SharePoint 2013, 2016 and probably 2019).

Different solutions resolve the issue for different target sites:

  • Modern SharePoint Team Sites (attached to Office Groups)
  • SharePoint MySites
  • Personal OneDrive sites
  • Any SharePoint site collection created based on self-service site creation
  • SharePoint Online tenant root site collection
  • Any Classic SharePoint site collection

Errors and causes

Most typically I run into this when trying to insert a script web part with custom JavaScript into a site, that has NoScript enabled. That’s annoying – since script webparts are incredibly useful!

However, that is the default setting on quite a few different sites – note that Microsoft explains it this way.

By default, script is allowed on sites that admins create. It is not allowed on OneDrive, on sites users create themselves, and on the root site for your organization.

That kind of makes sense. Custom scripting makes it possible to customize the sites quite extensively, and Microsoft doesn’t want that on OneDrive sites, or the good old MySites for SharePoint User Profiles.

Microsoft continues:

If SharePoint Online was set up for your organization before 2015, your custom script settings might still be set to “Not Configured” even though in the SharePoint admin center they appear to be set to prevent users from running custom script. In this case, users won’t be able to copy items between SharePoint sites and between OneDrive and SharePoint. On the settings page of the SharePoint admin center, click OK to accept the custom script settings as they appear and enable cross-site copying.

Useful information. This means we’ll need to tweak the setting not only for sites with customization, but also for some older sites.

Other situations when this might come up, is when uploading sandboxed solutions, or any of the following file types:

  • .asmx
  • .ascx
  • .aspx
  • .htc
  • .jar
  • .master
  • .swf
  • .xap
  • .xsf

These are all files that could potentially include code or scripts – JavaScript, Java, ActionScript, C# – so Microsoft prefers to block or restrict them on a lot of sites. For more info about this functionality, check out this KB page by Microsoft.

Yet another situation where this functionality comes up is this dialog, which you could run into on your webpart pages:

“Web Part Error: A Web Part or Web Form Control on this Page cannot be displayed or imported. You don’t have Add and Customize Pages permissions required to perform this action.”
“Web Part Error: A Web Part or Web Form Control on this Page cannot be displayed or imported. You don’t have Add and Customize Pages permissions required to perform this action.”

How to get around the issue then? See below for the solutions I’ve found so far!

Solution(s)

This article explains a few different options on how to fix the issue depending on your environment, and the type of the site collection.

Enable custom scripts tenant-wide

Applies to: SharePoint Online

  • SharePoint MySites
  • Personal OneDrive sites
  • Any SharePoint site collection created based on self-service site creation

This is, of course, fairly straightforward. You can enable Custom Scripts (basically, this is equivalent of setting the “DenyAddAndCustomizePages” switch to false for the site) for the whole tenant at once. Here’s how to do that:

Navigate to your O365 SharePoint admin portal, and click “settings”. A bit further down you’ll see these options – make sure they’re set to “Allow”:

Enable custom scripts in SharePoint Online Admin Portal settings
Enable custom scripts in SharePoint Online Admin Portal settings Enable custom scripts in SharePoint Online Admin Portal settings

This change will come into action in the next 24 hours.

However, if you don’t have 24 hours to wait, see the next solution.

Enable custom scripts using (vanilla) PowerShell

Applies to: SharePoint Online

  • Modern SharePoint Team Sites (attached to Office Groups)
  • Modern SharePoint Communication sites (after 08/2017)
  • SharePoint MySites
  • Personal OneDrive sites
  • Any SharePoint site collection created based on self-service site creation
  • SharePoint Online tenant root site collection
  • Any Classic SharePoint site collection

This makes it possible to enable the custom scripts for any SharePoint Online site collection – even Modern ones! The snippet below shows how to enable it for one site – you can modify it to loop through all sites if you need to!

Below, you can see an example of the PowerShell script required for this change.

Connect-SPOService -Url https://[yourtenant]-admin.sharepoint.com -credential admin@[tenant].onmicrosoft.com Set-SPOSite -Identity https://[yourtenant].sharepoint.com/[siteurl] -DenyAddAndCustomizePages 0

You’ll only need SharePoint Management Shell, no other dependencies. Nice and simple!

Unlike the switch on tenant admin site, this change should be practically instant.

However, if you want to apply this change to On-Premises environments, you might want to check out the following solution…

Enable custom scripts using SharePoint Patterns and Practices (PnP) PowerShell

Applies to: SharePoint Online | SharePoint 2013 | SharePoint 2016 | SharePoint 2019(?)

The script below should work for all of these 4 different environments, as long as you use a different bersion of PnP PowerShell module.

# For On-Premises, replace "Online" in the library name with 2013, 2016 or 2019
# If you don't already have the modules, run Install-module first!
Import-Module -Name SharePointPnPPowerShellOnline -DisableNameChecking
 
$DenyAddAndCustomizePagesStatusEnum = [Microsoft.Online.SharePoint.TenantAdministration.DenyAddAndCustomizePagesStatus]
 
Connect-PnPOnline -Url 'https://[yourtenant]-admin.sharepoint.com/' -Credentials (Get-Credentials)
 
$context = Get-PnPContext
$site = Get-PnPTenantSite -Detailed -Url 'https://[yourtenant].sharepoint.com/'
 
$site.DenyAddAndCustomizePages = $DenyAddAndCustomizePagesStatusEnum::Disabled
 
$site.Update()
$context.ExecuteQuery()
 
# This row should output list of your sites' URLs and the status of their custom scripting (disabled or not)
Get-PnPTenantSite -Detailed -Url 'https://[yourtenant].sharepoint.com/' | select url,DenyAddAndCustomizePages
 
Disconnect-PnPOnline

(See more: https://techcommunity.microsoft.com/t5/SharePoint-Developer/How-do-I-set-DenyAddAndCustomizePages-using-PnP/td-p/32372)

This script should be almost instant as well – we’re talking about a delay of 30 seconds or so, so quite an improvement over the switch on tenant admin site!

For a pretty good documentation about the whole NoScript stuff, check out this page: https://support.office.com/en-us/article/allow-or-prevent-custom-script-1f2c515f-5d7e-448a-9fd7-835da935584f

The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

Let me know your thoughts!