Key questions about this property
The answers below summarize the purpose, scope, default effect, and review scenarios for this property.
| Question | Answer |
| --- | --- |
| What does it do? | This property enables or disables the global sanitization of HTML fields, affecting how HTML content is processed throughout the system. |
| What area does it affect? | HTML field processing |
| What does the default mean? | The default value is "true", which means this behavior is enabled by default. |
| When should you review it? | Review this property when configuring security settings or troubleshooting HTML content issues. |
Out of the box property record
Raw metadata from the property record.
| Field | Value |
| --- | --- |
| Property name | glide.html.sanitize_all_fields |
| Sys ID | 9ddca9968d30021087de63ac7f1f0061 |
| Type | boolean |
| Application | Global |
| Default value | true |
| Description | Controls sanitization behavior of html fields on a global level. |
| Updated | 2024-05-25 03:57:08 |
Sources
Official references and nearby text excerpts where this property appears.
Context preview
Snippet 1
... to false OR insert this system property with a value of false. sn_SE10154 1 Act HTMLSanitizer validation should be enabled Client-side cross-site scripting attacks. Either update the value of the glide.html.sanitize_all_fields system property to true OR insert this system property with a value of true. Documentation sn_SE10155 1 Act Strict security should be enabled for SOAP requests Unauthorized user can get ...
Context preview
Snippet 2
... System Property [sys_properties] table glide.html.escape_script Enables (true) or disables (false) JavaScript tags in HTML fields. • Type: true | false • Default value: true • Location: System Property [sys_properties] table glide.html.sanitize_all_fields Specifies whether all HTML fields are sanitized to remove unwanted code (true) or not (false). • Type: true | false • Default value: true • Location: System Property [sys_properties] table ...
Context preview
Snippet 3
... HTML Sanitizer [Updated in Security Center 1.3] • Description ◦(Old <blank> ◦(New This property controls sanitization behavior of HTML fields on a global level from a backend Java context. If "glide.html.sanitize_all_fields" is not set to the recommended value of "true", then, the ServiceNow instance is open to XSS in HTML fields. • security risk ...
Related properties