SN System Properties Reference
Property reference

glide.ui.security.allow_codetag

The glide.ui.security.allow_codetag property enables the use of the [code] tag for embedding HTML code. Admins should consider this setting when managing security and content display in their ServiceNow instance.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property allows HTML code embedding through the [code] tag, affecting how content is rendered in the platform.
What area does it affect? HTML content rendering
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when adjusting security settings or content display options.

Out of the box property record

Raw metadata from the property record.

Property name glide.ui.security.allow_codetag
Sys ID 0195d82e0a0a0bb90032f678026a1a98
Type boolean
Application Global
Default value true
Description Allow support for embedding HTML code by using the [code] tag.
Updated 2024-05-25 04:36:18

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... Universal Request. Universal Request application uses HTML mark-up to render comments that are copied between UR and the child tickets. This feature uses [CODE] tags, which are controlled by the glide.ui.security.allow_codetag property value that is set to true by default. If you change this property value to false, comments may not render properly, and HTML tags might appear in your comments. ...
Documentation excerpt View supporting context
Context preview Snippet 2
... a value of true. Documentation sn_SE10151 1 Act Embedded HTML code should be disabled Leveraged by attackers to steal session information and sensitive data. Either update the value of the glide.ui.security.allow_codetag system property to false OR insert this system property with a value of false. Documentation sn_SE10152 1 Act JavaScript tags in Embedded HTML should be disabled Leveraged by attackers to ...
Documentation excerpt View supporting context
Context preview Snippet 3
... fields can render text enclosed within code tags as HTML. Before you begin • Role required: any role that grants write access to a journal field • System property: the glide.ui.security.allow_codetag is set to the default value of true Note: To learn more about this property, see Allow JavaScript tags in embedded HTML (instance security hardening) in Instance Security Hardening Settings. ...
Documentation excerpt View supporting context
Context preview Snippet 4
... risk, however some small risk remains. It disables only the script portion of a code tag, and relies on sanitizing all known conventions of script in the HTML. Set the glide.ui.security.allow_codetag system property to false to completely prohibit journal fields and forms from displaying rendered HTML. The ServiceNow AI Platform mitigates many injection and cross-site attacks by implementing escaping and encoding ...
Additional source link Another external reference for this property
Open reference