This was recently asked on SharePoint StackExchange and I believe it deserves a blog post.

If you ever had to develop anything more than a SharePoint Hello World Online App, you would definitely know what SPWeb.AllowUnsafeUpdates is used for. In case you don’t know, a couple of good reads to start from can be found here and here. If you want a more extensive explanation, this is a very good article.

Back to the original question now – is setting SPWeb.AllowUnsafeUpdates to true or false a resource expensive process? Plot twist – NO. On the other hand if you want to understand what happens when you set that property, read on.

From the first look it might seem like a property, but actually the setter of that property calls a method named SetAllowUnsafeUpdates(value) which has the following code:

private void SetAllowUnsafeUpdates(bool allowUnsafeUpdates)
{
   this.Request.SetIgnoreCanary(allowUnsafeUpdates);
}

SetIgnoreCanary sets to ignore Canary (Canary is something that refers to a method of buffer overflow protection (https://en.wikipedia.org/wiki/Buffer_overflow_protection)) and checks if permissions are properly propagated:

public void SetIgnoreCanary(bool bIgnoreCanary)
{
   try
   {
      ++this.m_UnmanagedStackCount;
      this.EnsureRightsPropagated();
      this.m_SPRequest.SetIgnoreCanary(bIgnoreCanary);
   }

    [....] some code omitted
 }

by calling EnsureRightsPropagated:

private void EnsureRightsPropagated()
{
  if (this.m_pa.Permissions == this.m_permsAdded)
    return;
  this.m_SPRequest.GrantAdditionalPermissions((ulong) this.m_pa.Permissions);
  this.m_permsAdded = this.m_pa.Permissions;
}

And the latter “assigns” additional permissions for the current SPRequest by calling GrantAdditionalPermissions:

public void GrantAdditionalPermissions(ulong mask)
{

}

Which apparently is an empty method :)

As it seems SPWeb.AllowUnsafeUpdates make a lot out of nothing..

Hope this helps!

Paul.