First off, SafeControls are a great feature of SharePoint, they allow for protection against malicious code being able to run on pages within your SharePoint environment. However, on the flipside they can cause some heartburn and lost hours when trying to find out why things aren’t working as expected. This came up in a recent project, where we were leveraging the new Web Templates feature in SharePoint 2010 coupled with programmatically provisioning pages and web parts on those page upon site creations. The issue we were running into was that certain web parts were throwing an error when you tried to edit or add them to an exiting or newly created publishing page.
This error was also visible on pages provisioned with web parts using features. At first there were two immediate ways to fix the issue. One was to add the required permission to the Contributor permission level. The second was to have a user with the permission view the site first. This started to shed some light on the correct resolution. What was found was the “Safe Against Script” was set to false.
In order for Members or any other group that has the Contributor permission level to modify web parts this value needs to be set to True. This is of course a very good safety check, because if this was allowed then Members, which are usually a lot more people than Designers or higher, would be able to add scripts that could be harmful and SharePoint would not be able to protect against it.
With this fixed, it also fixed the issue with Members not being able to add certain web parts. This was a result of the web parts, when being initialized on a page, trying to set default values under the context of a user with Contributor rights. Again, this typically will work, but with the Safe Against Script being set to False was giving the same error.
I hope this will help some of you overcome this issue or be able to just understand a little more about SafeControls and SharePoint.