New Script Include Features in ServiceNow Xanadu: Mobile Callable & Sandbox Enabled
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-07-2025 09:25 PM
Hi ServiceNow Folks,
Today, I came across a scenario where I needed to write a Script Include in ServiceNow. While working on the task using the ServiceNow Xanadu version, I noticed some updates to the Script Include configuration:
Client Callable Field Updated:
The Client Callable field label has been renamed to Glide AJAX Enabled, making its purpose clearer for enabling GlideAjax calls from the client-side.Two New Fields Introduced:
Mobile Callable:
This field allows developers to make a Script Include accessible from mobile applications. By marking a Script Include as mobile callable, server-side code can be triggered seamlessly from mobile devices, improving integration and performance for mobile users.Sandbox Enabled:
When this field is set to true, the Script Include runs in a secure, restricted environment called the sandbox. This limits the script's access to certain APIs and resources, enhancing security by preventing potentially harmful or unauthorized operations. It is especially beneficial for scoped applications or when stricter controls are required.
These updates reflect ServiceNow's continued efforts to enhance usability and security for developers.
Has anyone else explored these new fields in Xanadu? I'd love to hear how you're leveraging Mobile Callable and Sandbox Enabled in your use cases.
If feel this information is useful, Please mark response as Helpfuls.
Thank you
Regards,
Keshav
- 2,144 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-07-2025 10:23 PM
Hello Keshav,
It’s great to hear that you’ve been exploring the new fields in ServiceNow's Xanadu version. The updates to Script Include configuration certainly seem promising for enhancing both usability and security. The Glide AJAX Enabled label indeed makes it clearer for enabling client-side calls.
The addition of Mobile Callable and Sandbox Enabled fields will definitely help in making Script Includes more versatile and secure. It’s fascinating how these features can improve integration with mobile applications and provide a secure, restricted environment for executing server-side code.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Weighing in a bit late here, but it doesn't seem that Sandbox enabled makes the Script include more secure - quite the opposite!
The docs about the field Sandbox enabled:
The script include is available to scripts invoked from the script sandbox, such as a query condition.
For more information about the sandbox, see Configuring Script sandbox property.
---
There seems to be a confusion around the Script sandbox system property and the checkbox on script includes. The latter does not make the script include more secure, it merely allows sandbox client scripts to contact the script include.
The script include will not lose access to any API methods such as GlideRecord or anything like that.
