This project has moved and is read-only. For the latest updates, please go here.

SPScriptAudit Enhancements

Dec 30, 2009 at 5:24 PM


Loving the script audit and per our twitter conversation, starting a new topic to keep up with all the ideas and feedback.


  • Page column is using relative links, so when navigating to individual forms getting 404 errors because I am navigating to the wrong place. No problem with Lists column.


  • Option to show/hide hidden lists.
  • Run against a specific document library

This is what I have for now. Still investigating :)

Chris Quick

Dec 30, 2009 at 5:37 PM


I also noticed that it is only picking up the individual edit forms (DispForm.aspx, EditForm.aspx, NewForm.aspx) defined for all lists. It might be a good idea to be able to select between views and edit forms. I know that in the past many of the customizations have been done to web part pages contained in document libraries and on individual views. There have been some customizations to the default list edit forms, but I really try to stay away from that unless it is absolutely necessary to modify those pages.



Dec 30, 2009 at 5:41 PM

Right now, I'm only looking at the Forms for lists (DispForm.aspx, EditForm.aspx, NewForm.aspx or their customizations).  I wanted to start there because most people who are using my library will have implemented it in forms to date.

Sounds like a good next step would be to add in Views.

I'm going to add a clearer description of how SPScriptAudit is currently working on the $().SPServices.SPScriptAudit page so that we're on the same page.


Dec 30, 2009 at 5:45 PM

Sounds good. I really like this idea of being able to audit for scripts, especially in light of all the debate going on concerning jQuery and SharePoint.


Dec 30, 2009 at 5:48 PM
Edited Dec 30, 2009 at 6:02 PM

With power comes responsibility.  Someone said that once. ;+)

[Who knew? I just checked and it was in a Spiderman movie: One would have thought Churchill or someone!]


Dec 30, 2009 at 6:21 PM

Okay, I'm missing something on the way you're recommending to use the library. I see that the code is calling a selector on a table cell with the id containing MSOZoneCell_WebPartWP. This will not pick up customizations outside of the table cell, correct?

I made a modifications to my announcements list display form and simply included the jQuery library. However, I did this using SharePoint Designer and placed the script tag into the PlaceHolderAdditionalPageHead content place holder:

<asp:Content ContentPlaceHolderId="PlaceHolderAdditionalPageHead">
     <script type="text/javascript" src="/sites/es/resources/jquery-1.3.2.min.js"></script>

Of course, it didn't see this customizations. Should I be doing something different to include the library and my jQuery code?


Dec 30, 2009 at 6:27 PM

Well, we have two methods we can use to include script on the page:

  1. Contained within CEWPs (which seems to be what everyone is worried about)
  2. Contained within the page itself (as you show above)

As you see in the code, I'm only looking for script tags right now within Web Parts.  My thinking was that if you went the second route, then you would be knowledgeable enough not to need to be audited, but that makes no sense to me now that I am typing it.

I've already got your hidden lists enhancement in and I'm working on a few other switches:

showHiddenLists: false,   // Show output for hidden lists
showNoScript: false,   // Show output for lists with no scripts (effectively "verbose")
showSrc: true     // Show the source location for included scripts

Let me add a check for script *outside* Web Parts as well.  At that point, I'll have a new alpha for you to try.


Dec 30, 2009 at 6:55 PM

Sounds good. Just let me know when it's ready and I'll give it a test-drive. :)


Jan 4, 2010 at 3:03 PM


v0.4.8ALPHA3 reports on custom forms for lists.  It seems like there are other specific targets for this function:

  • Any aspx pages in the /Pages Document Library (if it exists)
  • Pages in the root of the site, such as default.aspx in a non-publishing site
  • List views

Any other obvious additions to this list?

I'm also interested in your thoughts on how to scope this function.  Right now, it works at the site (Web) level.  I went this way because it takes a while to make all of the Web Service calls.  I could see utility in these scopes as well:

  • Single list or Document Library (you already asked for this)
  • Site (WEb) as it now works
  • Site Collection

Any others come to mind? Separate functions or a single function with options?


Jan 4, 2010 at 3:05 PM


When executing my scripts, Firebug shows a lot of 401 Unauthorized responses when contacting the Webs.asmx web service and nothing is rendered to the output div. I changed back to the ALPHA2 and noticed that Forms.asmx was giving the same error, however, output was rendered.

Here is the script, placed into a CEWP:

<script type="text/javascript" src="/sites/es/resources/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/sites/es/resources/jquery.SPServices-0.4.8ALPHA3.js"></script>

<script type="text/javascript">
$(document).ready(function () {
         webURL: "/sites/es",
         outputId: "WSOutput",
         showHiddenLists: true,
         showNoScript: true,
         showSrc: true

<div id="WSOutput"></div>
Jan 4, 2010 at 3:08 PM

I'm now getting them with Lists.asmx as well -- nothing is rendered in either Firefox or IE7.

Jan 4, 2010 at 3:11 PM

Erg.  I'm not doing any error checking at this point, so it could be lots of things.  I assume that you are logged in with an account that has Site Collection Administrator permissions? Since we're reading from all sorts of things, that's what I'd recommend.


Jan 4, 2010 at 3:20 PM

Yes, running as the System account and still getting the same problems. Here's the post stream and where the errors occur:

  • Lists.asmx       200 OK
  • Webs.asmx     401 Unauthorized
  • Webs.asmx     401 Unauthorized
  • Webs.asmx     200 OK
  • Lists.asmx       401 Unauthorized
  • Webs.asmx     200 OK
  • Lists.asmx       401 Unauthorized
  • Lists.asmx       200 OK
  • Webs.asmx     401 Unauthorized
  • Lists.asmx       200 OK
  • Webs.asmx     401 Unauthorized
  • Webs.asmx     200 OK

The rest of the calls return 200 OK. It's pretty much the same sequence each time for the first 12 or so calls to the web services.

Jan 4, 2010 at 3:24 PM

Okay, just ran it again as the system account and got a whole different response stream. It seems to fail authentication randomly.

Jan 4, 2010 at 3:27 PM
Edited Jan 4, 2010 at 3:41 PM

I've seen this type of behavior with Safari on a Mac, but not with IE on a PC. What browser are you using?


Jan 4, 2010 at 3:42 PM

Duh - You're using Firefox, since you're reporting what Firebug is seeing.

The interesting thing is that even where I'm seeing the errors in Firebug, the responses from the Web Services are there and correct. Debugging time...


Jan 4, 2010 at 4:34 PM

Still getting the authorization errors, but I found the bug which was preventing the output in Firefox.  You should get results with v0.4.8ALPHA4.

I'm not sure what's going on with the authorization errors.  I'll keep looking into that...


Jan 5, 2010 at 3:15 AM


I posted a new version, just to tempt you...