Property reference

glide.html.escape_script

The glide.html.escape_script property escapes JavaScript tags in HTML fields to prevent script injection. Admins should ensure this property is enabled to maintain security and protect against potential vulnerabilities in user-generated content.

Default: true
Type: boolean
Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property ensures that JavaScript tags are escaped in HTML fields, enhancing security by preventing script execution.
What area does it affect? HTML field security
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when assessing security measures for user input handling.

Out of the box property record

Raw metadata from the property record.

Property name: glide.html.escape_script
Sys ID: 9766c4fb7f0000015fb2e4506e8b5e90
Type: boolean
Application: Global
Default value: true
Description: Escape JavaScript tags in HTML fields
Updated: 2024-05-25 03:56:23

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt, snippet 1
... of true. Documentation sn_SE10148 1 Act JavaScript data input should be validated through the use of escaping Injection attacks can occur causing security risks. Either update the value of the glide.html.escape_script system property to true OR insert this system property with a value of true. Documentation sn_SE10150 1 Act Client- script queries should be validated There is a potential for an ...
Documentation excerpt, snippet 2
... option for media in the HTML Editor. The media attaches, but doesn't load in the HTML Editor.
• Type: string
• Default value: youtube.com,player.vimeo.com,vimeo.com
• Location: System Property [sys_properties] table

glide.html.escape_script
Enables (true) or disables (false) JavaScript tags in HTML fields.
• Type: true | false
• Default value: true
• Location: System Property [sys_properties] table

glide.html.sanitize_all_fields
Specifies whether all HTML ...
Documentation excerpt, snippet 3
... && propertyValue.toLowerCase() != 'true') { gs.print(property); } }
• CVSS score
  ◦ (Old) 4.4
  ◦ (New) 3.8

Escape JavaScript [Updated in Security Center 1.3]
• Description
  ◦ (Old) <blank>
  ◦ (New) The property "glide.html.escape_script" helps sanitize HTML fields. If "glide.html.escape_script" is not set to the recommended value of "true", then inputs will not be sanitized for HTML fields (output encoding from a backend Java ...