glide.ui.attachment.download_mime_types

ServiceNow property description:

A list of comma separated attachment mime types that do not render inline in the browser. This will prevent cross site scripting attacks. For example, text/html will force html files to be downloaded to the client as attachments rather than viewed inline in the browser.

Attributes

  • Sys ID: 13d5b60337111000705f80f7bcbe5d1d
  • Type: string
  • Application: Global
  • Default value: text/html,image/svg,image/svg+xml,application/xml
AI Logo

AI generated property description:

The ServiceNow property `glide.ui.attachment.download_mime_types` specifies a list of comma-separated MIME types for attachments that should not be rendered inline in the browser. This property enhances security by preventing certain types of files from being displayed directly in the browser, thereby mitigating the risk of cross-site scripting (XSS) attacks. For instance, if `text/html` is included in this list, HTML files will be forced to download as attachments rather than being viewed inline. This ensures that potentially malicious scripts embedded in these files are not executed in the user's browser. The property is particularly useful for controlling how different types of content are handled and ensuring a safer user experience.

Source

Related property: glide.ui.attachment.force_download_all_mime_types