SN System Properties Reference
Property reference

glide.ui.escape_all_script

The glide.ui.escape_all_script property forces all scripts injected in Jelly to be escaped by default. This helps prevent script injection attacks, and administrators should review it to ensure security measures align with their application needs.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property ensures that all scripts in Jelly are escaped, enhancing security against potential vulnerabilities.
What area does it affect? Jelly script execution
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when configuring security settings or updating application scripts.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.escape_all_script
Sys ID 3e7fde301b111000b4a49e3bcc0713f5
Type boolean
Application Global
Default value true
Description Forces all scripts injected in Jelly to be escaped by default. Use noesc: to preserve special characters.
Updated 2024-05-25 04:20:54

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... link all recommendations. Topic linking is a way to "acknowledge" a recommendation if you have an existing topic. The Topics/ Requests VA Can Handle tab is not displayed System property glide.ui.escape_all_script is not set to True. Navigate to ALL > sys_properties.list (or ALL sys_properties_list.do). Search for and select glide.ui.escape_all_script, then set its Value to True. Topic Recommendations interface reference The Topic ...
Documentation excerpt View supporting context
Context preview Snippet 2
... of true. Documentation sn_SE10147 1 Act Jelly data input should be validated through the use of escaping Injection attacks can occur causing security risks. Either update the value of the glide.ui.escape_all_script system property to true OR insert this system property with a value of true. Documentation sn_SE10148 1 Act JavaScript data input should be validated through the use of escaping Injection ...
Documentation excerpt View supporting context
Context preview Snippet 3
... ◦(New‎ This property escapes all the JS and HTML strings included in <j:jelly> ... </j:jelly> before they are written to the output stream, preventing several XSS issues from occurring. If "glide.ui.escape_all_script" is not set to the recommended value of "true", then escaping of scripts injected into Jelly is disabled. • security risk ◦(Old‎ <blank> ◦(New‎ Without this mitigation, the platform becomes ...
Additional source link Another external reference for this property
Open reference