Property reference

glide.ui.security.codetag.allow_script

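The glide.ui.security.codetag.allow_script property enables the use of JavaScript within embedded HTML code tags. Its default setting is false. Admins should consider enabling it only when they need to allow dynamic content in their applications; the security guidance excerpted under Sources recommends keeping the value at false, because enabling it opens room for XSS attacks in rendered HTML.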

Default: false
Type: boolean
Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property allows JavaScript to be included within embedded HTML code tags, affecting how content is rendered in the application.
What area does it affect? HTML rendering security
What does the default mean? The default value is "false", which means this behavior is disabled by default.
When should you review it? Review this property when implementing features that require JavaScript in embedded HTML.

Out of the box property record

Raw metadata from the property record.

Property name: glide.ui.security.codetag.allow_script
Sys ID: bfab06e40a0a0bad000348fafbba0453
Type: boolean
Application: Global
Default value: false
Description: Allow embedded HTML (using [code] tags) to contain Javascript tags
Updated: 2024-05-25 03:56:49

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt, snippet 1
... of false. Documentation sn_SE10152 1 Act JavaScript tags in Embedded HTML should be disabled Leveraged by attackers to steal session information and sensitive data. Either update the value of the glide.ui.security.codetag.allow_script system property to false OR insert this system property with a value of false. Documentation sn_SE10153 1 Act AJAXEvaluate API AJAXEvaluate can allow arbitrary JavaScript to execute on the client ...
Documentation excerpt, snippet 2
... users. • Security Risk ◦ (Old) <blank> ◦ (New) External users could unwillingly be given permissions to the CMDB model. Disable JavaScript tags in embedded HTML • Description ◦ (Old) <blank> ◦ (New) If "glide.ui.security.codetag.allow_script" is not set to the recommended value of "false", then this property allows rendered HTML in journal fields and forms which opens room for XSS attacks. Malicious HTML needs to ...