Just got out of a presentation where we got a deep dive into the new Web Part Framework for SharePoint 2010.
If you have built any web part where Contributors were allowed to change the custom properties, then once you upgrade your farm to SharePoint 2010 the site contributors will not be able to see or edit those custom properties. This is due to a new feature, Cross-Site Scripting Safeguarding.
There are two ways to let the existing contributors see/edit those properties:
– I can see many people just giving them Designer rights, which I don’t recommend, as they will get much more power than you expect.
– The only other recommended way is to go back to development and make sure that all properties are safe from XSS (Cross-Site Scripting) by using any of the existing techniques, such as encoding any string received before executing it, and then change the SafeAgainstScript attribute on the SafeControl tags.
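The second option, sketched as an added example (not code from the presentation or from Microsoft): a web part whose contributor-editable properties are encoded on output, with the matching SafeControl entry shown as a comment. It goes slightly beyond plain string encoding by also restricting a URL property to http/https. The namespace, class, property and helper names and the assembly details are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls.WebParts;

namespace Contoso.WebParts   // hypothetical namespace
{
    // Hypothetical web part with two contributor-editable custom properties.
    public class BannerWebPart : WebPart
    {
        [WebBrowsable(true), Personalizable(PersonalizationScope.Shared)]
        [WebDisplayName("Banner text")]
        public string BannerText { get; set; }

        [WebBrowsable(true), Personalizable(PersonalizationScope.Shared)]
        [WebDisplayName("Link URL")]
        public string LinkUrl { get; set; }

        // Accept only absolute http/https URLs. HTML encoding alone does not
        // neutralise a script-bearing URL scheme placed in an href.
        internal static string SafeHref(string value)
        {
            Uri uri;
            if (Uri.TryCreate(value, UriKind.Absolute, out uri) &&
                (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps))
            {
                return uri.AbsoluteUri;
            }
            return "#"; // inert fallback for null, relative or non-http(s) input
        }

        protected override void RenderContents(HtmlTextWriter writer)
        {
            // Unsafe form this replaces:
            //   writer.Write("<a href='" + LinkUrl + "'>" + BannerText + "</a>");
            writer.AddAttribute(HtmlTextWriterAttribute.Href, SafeHref(LinkUrl), true); // true = attribute-encode
            writer.RenderBeginTag(HtmlTextWriterTag.A);
            writer.Write(HttpUtility.HtmlEncode(BannerText ?? string.Empty));
            writer.RenderEndTag();
        }
    }
}
// web.config entry once every property is handled this way (assembly values are placeholders):
// <SafeControl Assembly="Contoso.WebParts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=PLACEHOLDER"
//              Namespace="Contoso.WebParts" TypeName="*" Safe="True" SafeAgainstScript="True" />
```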
On the positive side, SharePoint 2010 makes developers more aware of the security issues with Web Parts.