SN System Properties Reference
Property reference

glide.ui.escape_scratchpad

The glide.ui.escape_scratchpad property ensures that string values stored in the scratchpad are properly escaped. Admins should care about this setting to prevent cross-site scripting vulnerabilities that could arise from unescaped script inputs.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property controls the escaping of string values in the scratchpad to enhance security against cross-site scripting attacks.
What area does it affect? Scratchpad security
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when configuring security settings or troubleshooting potential vulnerabilities.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.escape_scratchpad
Sys ID e5df09a153612200772961af3ec58719
Type boolean
Application Global
Default value true
Description Escape string values stored in the scratchpad. Disabling creates cross site scripting vulnerability if a script can be passed into the scratchpad.
Updated 2024-05-25 04:37:15

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... server that can be accessed in the browser. An admin can script anything to be on it, including arbitrary data from arbitrary records. • Security Risk ◦(Old‎ <blank> ◦(New‎ If "glide.ui.escape_scratchpad" is not set to the recommended value of "true", then it is possible to execute malicious script like a cross-site scripting vulnerability. Require authorization for PDF requests • Description ◦(Old‎ ...
Additional source link Another external reference for this property
Open reference