Cross-Site Scripting (XSS) is a security vulnerability that can occur in web applications and allows an attacker to inject malicious code into a web page that is viewed by other users. This can result in sensitive information being stolen, or malicious actions being performed by the attacker on behalf of the victim.
ServiceNow provides a platform for IT service management and digital workflow solutions. To prevent XSS attacks, ServiceNow has a system property called glide.html.escape_script, which can be set to true to enforce JavaScript escaping in HTML fields during list views.
Here's an example of how this property works:
| Setting | Result |
|---|---|
| glide.html.escape_script = false | A malicious attacker can insert JavaScript code into an HTML field by embedding it within <script></script> tags. This code will execute when a user views the table record, potentially compromising their session information and sensitive data. |
| glide.html.escape_script = true | The JavaScript code within the <script></script> tags is escaped, and the malicious code is not executed. This helps to prevent XSS attacks and keep the user's data safe. |
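The two settings in the table above, modelled as an added JavaScript sketch that is not part of the original post and is not ServiceNow's own code. `renderListCell`, `findScriptBlocks` and the sample records are hypothetical, and escaping only the `<script>` element is an assumed simplification of the platform's behaviour.

```javascript
// Simplified model of glide.html.escape_script = false / true.
// NOT ServiceNow's implementation; names and sample data are hypothetical.

// Matches a <script ...>...</script> element, case-insensitively.
// An unclosed <script> tag is matched through to the end of the value.
const SCRIPT_BLOCK = /<script\b[^>]*>[\s\S]*?(?:<\/script\s*>|$)/gi;

// Replace HTML metacharacters with entities so the browser shows them as text.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Render an HTML field value for a list cell under either setting.
function renderListCell(htmlValue, escapeScript) {
  if (!escapeScript) return htmlValue; // false: value reaches the page unchanged
  return htmlValue.replace(SCRIPT_BLOCK, (block) => escapeHtml(block));
}

// Audit helper: sys_ids of records whose HTML field contains a script element.
function findScriptBlocks(records, field) {
  const probe = new RegExp(SCRIPT_BLOCK.source, 'i'); // no 'g': stateless test()
  return records
    .filter((rec) => probe.test(rec[field] || ''))
    .map((rec) => rec.sys_id);
}

// Constructed sample records (not real instance data).
const sampleRecords = [
  { sys_id: 'rec-001', description: '<p>Printer offline on floor 3</p>' },
  { sys_id: 'rec-002', description: '<p>Hi</p><SCRIPT type="text/javascript">alert(1)</SCRIPT>' },
  { sys_id: 'rec-003', description: '<b>note</b><script>alert(2)' },
];

for (const rec of sampleRecords) {
  console.log(rec.sys_id, '=>', renderListCell(rec.description, true));
}
console.log('records to review:', findScriptBlocks(sampleRecords, 'description'));
```
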
In conclusion, it's important to be aware of the security risks associated with XSS attacks and to take measures to prevent them. Setting the glide.html.escape_script property to true in ServiceNow is one step in the right direction to secure your web application and keep your users' data safe.
If my content helped you in any way, please mark this content as BOOKMARK, SUBSCRIBE & HELPFUL
Best Regards,
Prashant Kumar (LearnIT)
YouTube Channel LearnIT: https://www.youtube.com/@learnitwithprashant
Blog LearnIT: https://medium.com/@LearnITbyPrashant
Prashant Kumar LinkedIn: https://www.linkedin.com/in/learnitbyprashant/
ServiceNow Community Prashant Kumar - https://www.servicenow.com/community/user/viewprofilepage/user-id/19635
