Enforce HTML Sanitization

Community Alums
Not applicable

Hello there!


I'm trying to understand a suggestion made by health scan:

Enforce HTML Sanitization

...and I know what an HTML sanitizer is, but my doubt is more about the property we should set as 'enforced' for that:

glide.security.check_unsanitized_html

In the ServiceNow documentation there is a warning that says that once this property is set to enforced, it can't be reversed.

[attached screenshot LeoSan_0-1751915383488.png of the documentation warning]


Do you have experience with that? What is the impact of enabling this property? Can this cause errors of any kind?


3 REPLIES

Anvin
Tera Expert

HTML is one of the types that can be assigned to the dictionary fields. Assigning HTML fields to any field type provides the functionality to format content using HTML tags (for example, <p><a href><b><font><img>). To prevent malicious activity, certain HTML tags can be disallowed using a block list. This property will prevent disallowed tags from being used in translated_html fields on your instance.


Functional Impact: This remediation enforces HTML sanitization to occur on the UI and renders translated HTML fields to the user. It can have an impact on readability and formatting.

Doc URL: https://www.servicenow.com/docs/bundle/vancouver-platform-security/page/administer/security/referenc...

Also, the property value should be 'enforce'
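To make concrete what the sanitization described in the reply above does to the content of an HTML field, here is an added example, not code from ServiceNow or from this thread, and not the platform's own sanitizer: a minimal block-list sanitizer in JavaScript run over a constructed field value. The block list (script, iframe, etc.), the dropped attributes (on* handlers, style), the allowed URL schemes and the sample input are all assumptions chosen for the demo, not the platform's real configuration. It shows both what gets removed (the reason to enforce) and that legitimate formatting tags such as <p>, <b>, <a href> and <font> survive (the "readability and formatting" impact is limited to whatever the block list catches).

```javascript
// Added example: a minimal block-list HTML sanitizer of the kind that
// "Enforce HTML Sanitization" applies to HTML field content. This is
// illustrative code, not ServiceNow's sanitizer; the block list, the
// attribute rules and the sample input below are assumptions for the demo.

// Tags that are never emitted (assumed block list).
const BLOCKED_TAGS = new Set(['script', 'style', 'iframe', 'object', 'embed', 'form', 'meta', 'link']);
// Blocked tags whose inner text is discarded as well (script bodies etc.).
const DROP_CONTENT_TAGS = new Set(['script', 'style', 'iframe', 'object']);
// Attributes that carry URLs and therefore need a scheme check.
const URL_ATTRS = new Set(['href', 'src']);
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)(?:\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// True for relative URLs and for absolute URLs with an allowed scheme.
function safeUrl(value) {
  // Drop whitespace and control characters browsers tolerate inside a scheme ("java\tscript:").
  const cleaned = value.replace(/[\s\u0000-\u001f]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m === null || ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Rebuild the attribute list of one open tag, recording what was dropped.
function sanitizeAttrs(tag, attrText, removed) {
  const kept = [];
  ATTR_RE.lastIndex = 0;
  let m;
  while ((m = ATTR_RE.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[3] ?? m[4] ?? m[5] ?? '';
    if (name.startsWith('on') || name === 'style') {      // event handlers, inline CSS
      removed.push(`${tag}[${name}]`);
      continue;
    }
    if (URL_ATTRS.has(name) && !safeUrl(value)) {         // javascript:, data:, ...
      removed.push(`${tag}[${name}]`);
      continue;
    }
    kept.push(`${name}="${value.replace(/"/g, '&quot;')}"`);
  }
  return kept.length ? ' ' + kept.join(' ') : '';
}

// Sanitize an HTML fragment. Returns the cleaned markup plus a list of
// everything that was removed, so a caller can see whether a stored
// value would be changed by sanitization at all.
function sanitizeHtml(html) {
  const removed = [];
  const src = html.replace(/<!--[\s\S]*?-->/g, '');     // comments carry no formatting
  let out = '';
  let last = 0;
  let dropUntil = null;                                  // tag whose content is being discarded
  TAG_RE.lastIndex = 0;
  let m;
  while ((m = TAG_RE.exec(src)) !== null) {
    if (dropUntil === null) out += src.slice(last, m.index);   // text between tags
    last = m.index + m[0].length;
    const isClose = m[0].charAt(1) === '/';
    const name = m[1].toLowerCase();
    const selfClosing = /\/\s*$/.test(m[2]);
    const attrText = m[2].replace(/\/\s*$/, '');
    if (dropUntil !== null) {
      if (isClose && name === dropUntil) dropUntil = null;
      continue;
    }
    if (BLOCKED_TAGS.has(name)) {
      if (!isClose) removed.push(name);
      if (!isClose && !selfClosing && DROP_CONTENT_TAGS.has(name)) dropUntil = name;
      continue;
    }
    if (isClose) {
      out += `</${name}>`;
    } else {
      out += `<${name}${sanitizeAttrs(name, attrText, removed)}${selfClosing ? ' /' : ''}>`;
    }
  }
  if (dropUntil === null) out += src.slice(last);
  return { html: out, removed };
}

// Constructed sample of what a user might paste into an HTML field.
const SAMPLE = '<p>Hello <b>world</b> <a href="javascript:alert(1)" onclick="x()">link</a> '
  + '<img src="https://example.com/a.png" onerror="steal()"><script>alert(1)</script></p>';

const result = sanitizeHtml(SAMPLE);
console.log(result.html);                            // <p>Hello <b>world</b> <a>link</a> <img src="https://example.com/a.png"></p>
console.log('removed:', result.removed.join(', '));   // a[href], a[onclick], img[onerror], script
```

The regex tokenizer is deliberately small; a production sanitizer uses a real HTML parser and an allow list rather than a block list, because a block list only catches what its author thought of. The `removed` list is the useful part for the question of impact: content that comes back with an empty list is rendered unchanged, so formatting only suffers where blocked tags or attributes were actually present.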

Community Alums
Not applicable

Do you know how to test if this property works?