HTML Help text

Brian Lancaster
Tera Sage

‎04-21-2016 08:49 AM

Does anybody know of a way to make it so that HTML shows in the help test now that ServiceNow is escaping it?   We obviously do not want to set glide.ui.escape_text to false.   Just wondering if there are any other workarounds before we have to upgrade to Fuji Patch 12 Hot fix 1.   We have tables setup to show what the different choices mean on a list collector.

0 Helpfuls
  • 6,680 Views
37 REPLIES 37

Blair5
Tera Guru
In response to venkatiyer1

‎05-03-2016 07:36 AM

Venkat,



Not sure if I captured what you want to see but see attached.


5-3-2016 10-27-33 AM.jpg


Preview file
171 KB
0 Helpfuls

venkatiyer1
Giga Guru
In response to Blair5

‎05-03-2016 08:40 AM

Hi Blair,



We are in different releases and versions so that is why it is not working. When you upgrade to Geneva UI16, the code that i have suggested would work as ServiceNow has moved from Tables to Div for implemetation. The below script already suggested by Brian should work for your case. But you might want to flag this change as you might have to change this code once you move into Geneva UI16.





$j(function($){

       $('table.help_table td:first-child:not([data-htmlized=true])').each(function(){

               var help = $(this);

               help.data('htmlized','true').html(help.text());

       });

});

Blair5
Tera Guru
In response to venkatiyer1

‎05-03-2016 08:45 AM

Venkat,



I've just decided to use UI pages where we have links. That solved my issue and thankfully there were only a handful that needed to be updated.



Thanks for your help.


0 Helpfuls

venkatiyer1
Giga Guru
In response to Blair5

‎05-03-2016 08:41 AM

Thanks for the screenshot, it was very helpful.


0 Helpfuls

David Christian
Kilo Guru

‎08-15-2016 07:54 AM

I found this script and we are looking at using this:



function onLoad() {  


  // plugin gets initialized later so it needs settimeout to ensure the script is applied later  


  window.setTimeout(function(){  


  $$("div.sc-help-text").each(function(item){  


var textValue = item.innerText;  


$(item).update(textValue);  


});  


  }, 0);  


}  



and are only using it to format the text in the Help Text field.   Does anyone know if that opens it up to the XSS vulnerability that the ServiceNow talks about in: ServiceNow KB: PRB663858: More information tag on Service Catalog Variables turns HTML into escaped ... ?   Does anyone run security scans on their public portal for vulnerability?


0 Helpfuls