How to use HTML sanitizer white list

miyu
Tera Guru

‎02-16-2022 04:25 PM

I want to whitelist the Notes protocol in html sanitizer.
I'm trying to implement it by referring to the following document, but I don't know how to do it.
I have edited Script Include as follows.

find_real_file.png
And I have entered the following in the HTML field I added to Incident.

find_real_file.png
However, it gets sanitized.

find_real_file.png
Is there a wrong way?

Preview file
10 KB
Preview file
14 KB
Preview file
8 KB
0 Helpfuls
  • 1,525 Views
2 REPLIES 2

Hitoshi Ozawa
Giga Sage
Giga Sage

‎02-17-2022 06:39 PM

The problem is with the quotation mark in the <a> tag.

In the example, double quotation mark is “ while it should be ".

https://docs.servicenow.com/bundle/sandiego-platform-administration/page/administer/security/concept...

If the quotation mark is fixed, it will work as expected.

<p><a title="Lotus" href="Notes: //ABC/X575C90019DE33/ABC594DCB76D86EB4925653E0011C4C1/ZZ90B7E2D33964749257EEA003456FD" rel="nofollow">Lotus</a></p>

Execution result:

find_real_file.png

Preview file
4 KB

miyu
Tera Guru
In response to Hitoshi Ozawa

‎02-17-2022 10:04 PM

Thank you very much. It is no longer sanitized.
By the way, why can't I seem to go to the link destination when I click on the Lotus link I created?
I don't understand the behavior of the sanitized whitelist, so please tell me.

0 Helpfuls