We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

side effects to turn on glide.ui.security.allow_codetag

georgechen
Kilo Guru

‎06-11-2017 03:58 PM

Hey folks,

I was wondering if any side effects to turn on glide.ui.security.allow_codetag in Istanbul patch 5 release.     Based on the Audit Compliance recommendations, the default setting on this option is on,   please refer to Search

however, none of the finding at my end has found it has a negative impact to the instance ?

Would anyone advise ?

Thanks in advance.

  • 3,495 Views
8 REPLIES 8

georgechen
Kilo Guru
In response to Venkat122

‎01-31-2018 02:06 PM

Hi Giri,


The impact of disabling glide.ui.security.allow_codetag that I am aware of is that the html tag will not take effect any more but showing as plain text. e.g if you had <a href='https://www.google.com'>Click here to open Google</a>.   It displays literally the text "<a href='https://www.google.com'>Click here to open Google</a>", instead of hyperlink of 'Click here to open Google'


Thanks,


0 Helpfuls

abdul guelzim
Giga Contributor
In response to georgechen

‎10-31-2018 11:55 AM

This also impacts the ability to attach KBAs to a ticket form that have rich text.  Is there any remedy to that while keeping glide.ui.security.allow_codetag setting to 'No'?

0 Helpfuls

guythatusesserv
Tera Contributor

‎08-24-2023 09:41 AM

I know this is an old post, but it came up in search, so I thought I'd share a couple of affected items in case others need to know.

 

1. MS Teams integration.  The MS Teams integration writes HTML to the work notes fields that is illegible if this property is set to false.  We opened a support ticket and the answer is basically, yep, either set the property to true or have poorly formatted notes from MS Teams.  See image.

MS Teams.png

2. Discovery logs - Discovery does certain logs to journal fields that are not very legible.  We set the property to true in our dev environment so the Discovery team is able to easily understand the notes from Discovery.

IulianaB
Tera Contributor

2 weeks ago

Hi everyone, 

I just tested this and apparently portals are affected too, when you post a message on a case/request, you have to input the text in a rich text field to add it to the journal entry of the case. i just put plain text and posted it looks like this, I don't think many people will appreciate the formatting. 

I have attached a snip from my Business Portal with the property set to false.

Preview file
61 KB
0 Helpfuls