Making Updates to SharePoint from JavaScript
While working on a project involving SharePoint, our effort to provide a better UI required making some updates from JavaScript. If you make an attempt at this you are likely to get the following error.
Microsoft.SharePoint.SPException was unhandled by user code Message="The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again." Source="Microsoft.SharePoint"
What's going on is SharePoint trying to prevent cross-site scripting. You will find many articles saying to wrap your update setting AllowUnsafeUpdates like below.
myWeb.AllowUnsafeUpdates = true;
// Call Update();
myWeb.AllowUnsafeUpdates = false;
Here you can find an explanation of AllowUnsafeUpdates.
http://hristopavlov.wordpress.com/2008/05/16/what-you-need-to-know-about-allowunsafeupdates/
I opted to not use AllowUnsafeUpdates. Instead I went with the POST approach. This requires a control added to your page.
<sharepoint:formdigest runat="server"/>
So now your page will have a few new additions to it. Namely a small JavaScript call on form submit and a hidden input field with id=”__REQUESTDIGEST”. The OnSubmit call is to WebForm_OnSubmit() and will populate the value of the hidden input field. All that is needed is for your JavaScript code to call this method itself and then send the key-value of __REQUESTDIGEST in along with your post data.