SN System Properties Reference
Property reference

glide.ui.jelly.js_interpolation.protect

The glide.ui.jelly.js_interpolation.protect property determines whether JavaScript interpolation is protected in Jelly scripts. Admins should review this setting to ensure security and prevent unintended code execution in their applications.

Default: true Type: string Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property enables or disables protection against JavaScript interpolation in Jelly scripts, enhancing security by preventing potential code injection vulnerabilities.
What area does it affect? Jelly scripting
What does the default mean? The default value is "true", which is the baseline setting used unless it is changed.
When should you review it? Review this property when configuring Jelly scripts or addressing security concerns.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.jelly.js_interpolation.protect
Sys ID 49357dde8d34021087de63ac7f1f00ca
Type string
Application Global
Default value true
Description
Updated 2024-05-25 04:40:43

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... of true. Documentation sn_SE10156 1 Act Jelly interpolation should be enabled JEXL injection can lead to both Cross Site Request Forgery and Code Execution Either update the value of the glide.ui.jelly.js_interpolation.protect system property to true OR insert this system property with a value of true. Documentation sn_SE10157 1 Act Escaping Excel formulas should be enabled Malicious formulae pose a risk even ...
Documentation excerpt View supporting context
Context preview Snippet 2
... fields tracked from the Incident Communication Plan form in the activity formatter. • Type: string • Default value: opened_by, work_notes, comments, severity, estd_distruption_time, actual_disruption_time • Location: System Property [sys_properties] table glide.ui.jelly.js_interpolation.protect Enables or disables interpolation protection. If enabled, potentially dangerous Jelly expressions are wrapped with a filter that escapes the results or generates a SecurityException for possible security issues. For more ...
Documentation excerpt View supporting context
Context preview Snippet 3
... States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated. 222 Documentation Updates ◦(Old‎ <blank> ◦(New‎ If "glide.ui.jelly.js_interpolation.protect" is not set to the recommended value of "true", then dangerous jelly expressions interpolated in JavaScript are allowed and user can execute code using jelly template. Require AJAXGlideRecord ACL checking ...
Additional source link Another external reference for this property
Open reference