SN System Properties Reference
Property reference

glide.ui.escape_html_list_field

The glide.ui.escape_html_list_field property determines whether HTML content in list view fields is escaped. When enabled, it prevents HTML from rendering, ensuring that potentially harmful scripts are not executed in the user interface.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property controls the escaping of HTML in list view fields, enhancing security by preventing script execution.
What area does it affect? List view display
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when configuring list views or addressing security concerns related to HTML content.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.escape_html_list_field
Sys ID b2cd46a60a0a0baa6a050c2e6de902cf
Type boolean
Application Global
Default value true
Description Escape HTML for HTML fields in a list view
Updated 2024-05-25 04:36:42

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... significant and unrestricted. sn_SE10146 1 Act HTML data input should be validated through the use of escaping Injection attacks can occur causing security risks. Either update the value of the glide.ui.escape_html_list_field system property to true OR insert this system property with a value of true. Documentation sn_SE10147 1 Act Jelly data input should be validated through the use of escaping Injection ...
Documentation excerpt View supporting context
Context preview Snippet 2
... <blank> ◦(New‎ text/html,image/svg,image/svg +xml,application/xml Escape HTML in list views [Updated in Security Center 1.3 and 1.5] • Description ◦(Old‎ This property helps sanitize list view displaying of HTML fields. If "glide.ui.escape_html_list_field" is not set to the recommended value of "true", then a malicious user can inject HTML code within the form field to execute unwanted scripts on different client/user sessions. This ...
Additional source link Another external reference for this property
Open reference