SN System Properties Reference
Property reference

glide.ui.attachment.download_mime_types

The glide.ui.attachment.download_mime_types property specifies which attachment MIME types should not be rendered inline in the browser. This setting helps prevent cross-site scripting attacks by ensuring certain file types are downloaded instead of displayed directly.

Default: text/html,image/svg,image/svg+xml,application/xml Type: string Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? It configures a list of attachment MIME types that will trigger a download instead of inline rendering, enhancing security against potential threats.
What area does it affect? Attachment handling
What does the default mean? The default value is "text/html,image/svg,image/svg+xml,application/xml", which is the baseline setting used unless it is changed.
When should you review it? Review this property when configuring security settings for file attachments or updating MIME type policies.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.attachment.download_mime_types
Sys ID 13d5b60337111000705f80f7bcbe5d1d
Type string
Application Global
Default value text/html,image/svg,image/svg+xml,application/xml
Description A list of comma separated attachment mime types that do not render inline in the browser. This will prevent cross site scripting attacks. For example, text/html will force html files to be downloaded to the client as attachments rather than viewed inline in the browser.
Updated 2024-05-25 04:37:27

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... context, the property should be populated with a list of comma-separated attachment mime types that should not render inline in the browser. Ex: text/html Either update the value of the glide.ui.attachment.download_mime_types system property to trusted file types such as text/csv,text/ html,image/svg,image/ svg+xml,application/ xml, application/xhtml +xml OR insert this system property with a value of the trusted file types. Documentation sn_SE10195 1 ...
Documentation excerpt View supporting context
Context preview Snippet 2
... be minor information disclosure if this property is not set securely. Restrict downloadable MIME types • Description ◦(Old‎ <blank> ◦(New‎ If the property "glide.ui.attachment.force_download_all_mime_types" is set to true, then the "glide.ui.attachment.download_mime_types" property will be overridden so that all © 2026 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, ...
Additional source link Another external reference for this property
Open reference