SN System Properties Reference
Property reference

glide.stax.allow_entity_resolution

The glide.stax.allow_entity_resolution property disables entity resolution and expansion for the XMLDocument2 parser when set to false. Admins should care about this setting to control how XML data is processed and ensure it meets their application's requirements.

Default: false Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property determines whether entity resolution and expansion are enabled for the XMLDocument2 parser, affecting how XML data is interpreted.
What area does it affect? XML parsing configuration
What does the default mean? The default value is "false", which means this behavior is disabled by default.
When should you review it? Review this property when configuring XML data processing or troubleshooting related issues.

Out of the box property record

Raw metadata from the property record.

Property name glide.stax.allow_entity_resolution
Sys ID 42b796f3770130100b9df0ec8e5a9923
Type boolean
Application Global
Default value false
Description Setting this property to false will disable all entity resolution and expansion when using the XMLDocument2 parser
Updated 2024-05-25 04:01:33

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... Documentation sn_SE10215 1 Suggest Optional: Entity Validation should be disabled An attacker can leverage this to expand data exponentially, quickly consuming all system resources. Either update the value of the glide.stax.allow_entity_resolution system property to false OR insert this system property with a value of false. Documentation sn_SE10216 1 Suggest Email Domain restrictions If the property is not enabled, an attacker might ...
Documentation excerpt View supporting context
Context preview Snippet 2
... Duplicate/Missing Comments in Activity Stream (UI 16) [KB2122007] . • Type: true | false • Default value: false • Location: Add a system property to the System Property [sys_properties] table. glide.stax.allow_entity_resolution Determines whether XML entities can be expanded during parsing by the streaming parser. For more information, see Disable Entity Expansion within the XMLDocument2 Streaming Parser . © 2026 ServiceNow, Inc. ...
Documentation excerpt View supporting context
Context preview Snippet 3
... archived tables will be ignored, an action which is counterintuitive and may lead to authorization bypass. Disable Entity Expansion within the XMLDocument2 Streaming Parser • Description ◦(Old‎ <blank> ◦(New‎ If "glide.stax.allow_entity_resolution" is not set to the recommended value of "false", then this property allow XML entities to be expanded during parsing by the streaming parser (XMLDocument2‎. © 2026 ServiceNow, Inc. All ...
Additional source link Another external reference for this property
Open reference