SharePoint Ghosted and Unghosted Pages

Each .aspx page is rendered by one of two possible parsers. When a request is received for an .aspx page, the SharePoint isapi filter determines who will handle the rendering of the page— orthe SharePoint SafeMode parser. The first parser,, requires the least amount of introduction. The second parser is unique to Windows SharePoint Services.

The intent of this discussion is to cover the differences between the two parsers. To be very clear, this discussion applies to pages which come from the main application root of a SharePoint virtual server. Pages which originate from either the "_layouts" or "_vti_bin" virtual directories can be excluded from the discussion.

As everyone knows, all pages within SharePoint are stored in the database. This effectively means that for each document, you will find a row in the docs table for that document. The actual file is stored in the Content column. This is true for all files. However, there is one exception - some .aspx pages don't actually have their content stored in the database. Instead, these pages reference files which exist on the server's file system. These pages are considered ghosted pages.

From a technical standpoint, ghosted pages are those rows in the docs table which have null values for the Content column and a non-null value for the SetupPath column which points to a file on the file system itself. The referenced file essentially serves as a template and content source.

What pages are ghosted? For example, the default home page is a ghosted page. Any web part pages created the via New Web Part Page user interface also ghosted.

As you can see, I've described ghosted pages as the exception to the rule. What does it mean if a document doesn't reference a template on the file system? Or, more to the point, the Content column actually contains data? These pages are known as unghosted .aspx pages and they are routed through the SafeMode parser.

What does is the main difference between the SafeMode parser and Code compilation.

As everyone knows, will parse a page on first render and compile it into an assembly. The SafeMode parser does NOT compile pages. It is designed to interpretatively parse a page and create the object structure of the page. In the event inline server-side code is detected, the SafeMode parser will not allow the page to render. Additionally, the only objects within the page (i.e. controls marked as runat=server) which can be instantiated are those items found in the SafeControls list.

Can a page transition from a ghosted state to unghosted? Yes.

Ghosted pages become unghosted once a file has been modified. If a page is updated using FrontPage 2003, web folders, or the modification of custom document library fields, the Content column of the given document row is populated with the page contents. All uploaded .aspx files are automatically unghosted.

Are there other differences between SafeMode and Yes.

Although the SafeMode parser was designed to be serve as replacement for the parser, it does not offer identical functionality. The key differences between the two parsers are listed below:

  • SafeMode does not offer AspCompat functionality.
  • SafeMode does not compile; therefore, all compilation directives are ignored.
  • Session State exists; however, in SafeMode once you turn it on, all unghosted pages are forced to participate in Session State. Unghosted pages do NOT have the option to opt out of using Session State.

    (Update 9/22: Read more about about the implications of turning on SessionState).

Why are there two types of rendering engines? Security and scalability.

The SafeMode parser ensures unghosted pages are not allowed to run code. This security feature prevents a user from injecting code into page which may maliciously, or unintentionally, bring down a server, snoop data, etc. Consider the permission levels associated with updating a page vs. the number of users within a WSS server—if you're the admin, you would probably be extremely wary of giving anyone the "Add and Customize Pages" right knowing that they would be able to freely execute server-side code if the SafeMode parser didn't exist. With our current behavior, once a page is transitioned from a ghosted to unghosted state, the admin knows that page cannot influence the behavior of the server.

Additionally, without the SafeMode parser, all pages would have to be routed through which would mean all pages would be compiled and their associated assembly loaded into memory. Imagine a site with thousands of operational pages... the memory requirement would be huge. The current design limits page compilation to a very small number of pages relative to the actual number of pages within a WSS-extended virtual server.

How can you tell if a page is ghosted or unghosted? Quite simply—you can't.

There is no way to determine the state of your page. Unfortunately, this functionality simply didn't make its way into the product. In an ideal world, you would never need to know if a page is ghosted or not. However, we don't live in an ideal world.

Is it possible to "reset" an unghosted page to its original ghosted state? No.

This ties into the previous answer. Straight out of the box, there is no way to return a page to its original ghosted state.

Help... I need to reset a page!! Surely there are options?!

Check out the GhostHunter Web Part which is included in the Web Part Toolkit. The GhostHunter Web Part was specifically designed to address the limitations of WSS with respect to ghosted and unghosted pages.

Happy ghost hunting!! :)

This article was reprinted with the author's permission.

About the Author

Maurice Prather

Looking for informaton related to Windows SharePoint Services? Stop by my blog located at


  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Moving from an on-premises environment to Office 365 does not remove the need to plan for disruptions or reduce the business risk requirements for protecting email services. If anything, some risks increase with a move to the cloud. Read how to ease the transition every business faces if considering or already migrating to cloud email. This white paper discusses: Setting expectations when migrating to Office 365 Understanding the implications of relying solely on Exchange Online security Necessary archiving …

  • Enterprises are increasingly looking to platform as a service (PaaS) to lower their costs and speed their time to market for new applications. Developing, deploying, and managing applications in the cloud eliminates the time and expense of managing a physical infrastructure to support them. PaaS offerings must deliver additional long-term benefits, such as a lower total cost of ownership (TCO), rapid scalability, and ease of integration, all while providing robust security and availability. This report …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date