Turn on glide.ui.security.allow_codetag


Hi,

Our users have asked to enable HTML rendering so that links appear as hyperlinks in journal fields on forms.
I found the property glide.ui.security.allow_codetag that can help with this - https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/allow-embedded-html-code.html
As per the link above, ServiceNow does not recommend setting the property to TRUE.
The controversy is that this property allows the use of [code][/code] tags and renders HTML properly (hyperlinks, styles etc.), which is quite a useful feature. But there is a risk that someone can write harmful HTML/JS code that may be executed on a different client browser after rendering of journal fields.
Could you please share your experience/best practices of using the property "glide.ui.security.allow_codetag"? Would you recommend using it?

Thank you
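
To see what the risk described in the question looks like in existing data, here is an added example (not part of the original post and not ServiceNow code) that scans journal text for [code] blocks and flags markup that can run script. The function names and sample entries are constructed, and the pattern list is a review heuristic, not a sanitizer.

```javascript
// Added example: audit journal text for [code] blocks holding script-capable markup.
// Function names and sample entries are constructed; this is not a ServiceNow API.
const CODE_BLOCK = /\[code\]([\s\S]*?)\[\/code\]/gi;

// Review heuristics, not a sanitizer: anything flagged needs a human look.
const RISKY = [
  { name: "active-element",
    re: /<\s*(script|iframe|object|embed|svg|form|meta|link|style|base)\b/i },
  { name: "event-handler", re: /<[^>]*\son[a-z]+\s*=/i },
  { name: "script-url",
    re: /(href|src|action|formaction)\s*=\s*["']?\s*(javascript|data|vbscript)\s*:/i },
];

// Return the raw HTML inside every [code]...[/code] pair of one journal entry.
function extractCodeBlocks(entry) {
  return Array.from(entry.matchAll(CODE_BLOCK), (m) => m[1]);
}

// Names of the risky patterns found in one block of HTML.
function auditBlock(html) {
  return RISKY.filter((r) => r.re.test(html)).map((r) => r.name);
}

// For a list of entries, report each [code] block that matches a risky pattern.
function auditEntries(entries) {
  const report = [];
  entries.forEach((entry, index) => {
    for (const html of extractCodeBlocks(entry)) {
      const findings = auditBlock(html);
      if (findings.length > 0) report.push({ index, html, findings });
    }
  });
  return report;
}

// Constructed sample journal entries (inert payloads).
const SAMPLE_ENTRIES = [
  'See [code]<a href="https://example.com/kb/1">KB article</a>[/code] for steps.',
  'Photo: [code]<img src="x" onerror="void(0)">[/code]',
  'Link: [code]<a href="javascript:void(0)">click</a>[/code]',
  'Plain comment, no code tag.',
  '[code]<b>ok</b>[/code] then [code]<SCRIPT src="//example.invalid/a.js"></SCRIPT>[/code]',
];

for (const hit of auditEntries(SAMPLE_ENTRIES)) {
  console.log(`entry ${hit.index}: ${hit.findings.join(", ")} -> ${hit.html}`);
}
```

If users only need hyperlinks, a report like this shows how many existing [code] blocks contain anything beyond a plain `http(s)` link.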


1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

Hi,

You have already pointed out the effects of enabling that.

Inform the business team of the same and share the docs link with them. As a best practice, the recommended value is false, so they should also keep it false.

Allow embedded HTML code

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader


2 REPLIES

Hi @Ankur

However, ServiceNow already uses HTML-formatted code in the knowledge. What is the difference regarding security?