SN System Properties Reference
Property reference

glide.ui.escape_text

The glide.ui.escape_text property ensures that XML values are escaped at the parser level for the user interface. This prevents reflected and stored cross-site scripting attacks, making the application more secure by default.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property enables the escaping of XML values to mitigate cross-site scripting vulnerabilities within the user interface.
What area does it affect? User Interface Security
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when assessing application security measures or during security audits.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.escape_text
Sys ID a7e8db450a0a0b0a308ab5de09733d15
Type boolean
Application Global
Default value true
Description Escape XML values at the parser level for the user interface. This will prevent reflected and stored cross site scripting attacks.
Updated 2024-05-25 04:03:31

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... parser level for the user interface. It prevents reflected and stored cross- site scripting attacks. This property is not applicable in Service Portal. • Security Risk ◦(Old‎ <blank> ◦(New‎ If "glide.ui.escape_text" is not set to the recommended value of "true", then XML values will not be escaped at the parser level for the user interface; this will leave jelly templates susceptible ...
Documentation excerpt View supporting context
Context preview Snippet 2
... use access This is a product update. Access Control PRB1981898 Need properties for better control of the scope where a security attribute script gets evaluated Activity Stream PRB1996382 When setting glide.ui.escape_text to 'false', forms break 1. Open any Zurich instance. 2. Upload the sys_properties file for glide.ui.escape_text. 3. Run a /cache.do. 4. Load any relevant record, such as 'Incident'. © 2026 ...
Additional source link Another external reference for this property
Open reference