Explain the following property com.glide.security.check_unsanitized_html

Go to solution
Bhanu31
Tera Contributor

‎10-09-2023 08:49 PM

Hi,

1) Need explanation of how the property (com.glide.security.check_unsanitized_html) will impact the translated_html fields. 

2) What are the list of disallowed html tags after setting this property to 'enforce'
3) Is there any way to delete the property (com.glide.security.check_unsanitized_html)

Thanks in advance.

Best Regards,
ServiceNow Developer.

0 Helpfuls
  • 2,765 Views
1 ACCEPTED SOLUTION

Go to solution
Danish Bhairag2
Tera Sage
Tera Sage

‎10-09-2023 09:11 PM

Hi @Bhanu31 ,

 

Certainly! Here's the explanation for the property `com.glide.security.check_unsanitized_html` and its impact, along with the list of disallowed HTML tags after setting the property to 'enforce':

 

### 1) **Explanation of `com.glide.security.check_unsanitized_html`:**

The property `com.glide.security.check_unsanitized_html` is a security setting in ServiceNow that controls whether the system checks for unsanitized HTML content in fields. When this property is set to `'enforce'`, ServiceNow checks for unsafe HTML content and sanitizes it to prevent potential security vulnerabilities.

 

### 2) **List of Disallowed HTML Tags (After Setting to 'Enforce'):**

When `com.glide.security.check_unsanitized_html` is set to `'enforce'`, ServiceNow disallows certain HTML tags and attributes to prevent security risks. The exact list of disallowed tags and attributes may vary based on the ServiceNow version and patch level, as security policies and restrictions might be updated in newer releases. Generally, common disallowed tags include `<script>`, `<iframe>`, `<object>`, and other tags that can execute scripts or load external content.

 

To get the most accurate and up-to-date information about the disallowed tags in your specific ServiceNow version, you should refer to the official ServiceNow documentation, security advisories, or contact ServiceNow support.

 

### 3) **Deleting the Property (`com.glide.security.check_unsanitized_html`):**

In standard configurations, you cannot delete system properties in ServiceNow. Deleting core system properties can lead to unpredictable behavior and security vulnerabilities. It's highly discouraged to delete or modify fundamental security properties.

 

Instead, if you need to revert to the default behavior or change the setting, you can reset the property to its default value. To reset the property, go to "System Properties" in your ServiceNow instance, find the property `com.glide.security.check_unsanitized_html`, and reset it to its default value.

 

Remember, when dealing with security-related settings, always follow best practices, and consider the implications of your changes to maintain the integrity and security of your ServiceNow instance.

 

Mark my answer as helpful & accepted if it helps you resolve your issue.

 

Thanks,

Danish

View solution in original post

5 REPLIES 5

Go to solution
Danish Bhairag2
Tera Sage
Tera Sage

‎10-09-2023 11:21 PM

Hi @Bhanu31 ,

 

If u are happy with answer could you please mark the solution as accepted & close the thread as it will benefit others whoever will visit your post to find the right answer.

 

Thanks,

Danish

0 Helpfuls