The new “Custom Script” (no-script) feature
The purpose of this post is to increase awareness on Custom Script (a.k.a. no script) feature that’s introduced in O365 SharePoint tenants. We’ll be able to see this option when we visit SharePoint Admin Center site > Settings and scroll down to see the Custom Script section.
I “boxed” the more information link intentionally as I feel that’s not highly discoverable. It can be easily reached if we use keywords like “custom script sharepoint online” in our favorite search engines, but not when we search using keywords based on the symptoms we see as a result of this custom script feature.
Here’s the same link, you might want to bookmark it: Turn scripting capabilities on and off.
From the above screen shot we can see that in my SharePoint online tenant, custom script feature is turned ON on personal sites (i.e., Prevent users from running custom script on personal sites) that will not allow users to write scripts using the embed code option for example. Also notice that custom script feature is turned OFF on self-service created sites (i.e., Allow users to run custom script on self-service created sites). This means if I create a private site collection, users with appropriate rights should be able to use embed code option and write client-side scripts. For most of us the options might be obvious, but just wanted to share this out.
The following are the symptoms we would encounter if custom script feature is turned ON (which is BTW the default).
NOTE: Below sections are duplicated from the original link above for quick read.
The following site settings will no longer be available after scripting has been disabled (i.e., the prevent radio button is selected for both personal/self-service created sites).
Site feature |
Behavior |
Notes |
Save Site as Template |
No longer available in Site Settings. |
You can still build sites from templates created before scripting was disabled. |
Save document library as template |
No longer available in Library Settings. |
You can still build document libraries from templates created before scripting was disabled. |
Solution Gallery |
No longer available in Site Settings. |
You can still use solutions created before scripting was disabled. |
Theme Gallery |
No longer available in Site Settings. |
You can still use themes created before scripting was disabled. |
Help Settings |
No longer available in Site Settings. |
You can still access help file collections available before scripting was disabled. |
Sandbox solutions |
Solution Gallery will not appear in the Site Settings so you can’t add, manage, or upgrade sandbox solutions. |
You can still run sandbox solutions that were deployed before scripting was disabled. |
SharePoint Designer |
Site Pages: No longer able to update web pages that are not HTML. Handling List: Create Form and Custom Action will no longer work. Subsites: New Subsite and Delete Site redirect to the Site Settings page in the browser. Data Sources: Properties button is no longer available. |
You can still open data sources. |
The following web parts and features are unavailable to site collection owners and site owners after scripting has been disabled.
Web part category |
Web part |
Blog |
Blog Archives Blog Notifications Blog Tools |
Business Data |
Business Data Actions Business Data Item Business Data Item Builder Business Data List Business Data Related List Excel Web Access Indicator Details Status List Visio Web Access |
Community |
About This Community Join My Membership Tools What’s Happening |
Content Rollup |
Categories Project Summary Relevant Documents RSS Viewer Site Aggregator Sites in Category Term Property Timeline WSRP Viewer XML Viewer |
Document Sets |
Document Set Contents Document Set Properties |
Forms |
HTML Form Web Part |
Media and Content |
Content Editor Script Editor Silverlight Web Part |
Search |
Refinement Search Box Search Navigation Search Results |
Search-Driven Content |
Catalog-Item Reuse |
Social Collaboration |
Contact Details Note Board Organization Browser Site Feed Tag Cloud User Tasks |
Master Page Gallery |
Can't create or edit master pages |
Publishing Sites |
Can't create or edit master pages and page layouts |
Custom properties of app parts missing/does not display
Other than the above list, we’ve also observed that custom properties in app parts would be missing when custom script feature is turned ON (i.e., prevent scripts from running). The resolution is to turn custom script feature OFF thus allowing scripts to run. This brings back the missing custom properties in app parts.
Unable to upload ASPX files
When custom script feature is turned ON, we might also run into a problem where we are unable to upload ASPX files (JS/HTML files upload just fine).
Enabling script
To allow scripts, all that we have to do is to ensure we choose allow radio button on the appropriate site collection type we need (personal, self-service created sites). It takes 24 hours for the change to take effect as pointed out in the above link.
If you run into some other problems that you think should normally work in SharePoint, I’d first give custom script feature a shot! 
Hoping the information in this post was helpful.
Comments
Anonymous
April 01, 2015
Hi Sridhar, Great post! You mentioned that when the feature is turned ON, custom scripts are disabled on the self-service created sites. But you also gave an example of a Private Site Collection (which I assume is not self-service created). So does enabling the feature also prevent scripts on regular private site collections on the tenant? It would probably be worth mentioning that whether this feature only affects the site collection which is assigned as the self -service site creation host? Or does it affect all the site collections in a Tenant. I think that would clear things up around this a lot. Thanks, VardhamanAnonymous
April 02, 2015
Hi Vardhaman, I see there might be a confusion. I wrote it based on the first screen shot where custom script is set to allow on self-service created sites. Private site collections are self-service created sites. So in order for custom script to not impact private site collections, we need to set it to allow for self-service created site collections as well. Hope this clarifies! -Sridhar