‎06-25-2021 03:36 AM
Hi,
Our users have asked to enable HTML rendering so that links appear as hyperlinks in journal fields on forms.
I found the property glide.ui.security.allow_codetag that can help with this - https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/allow-embedded-html-code.html
As per the link above, ServiceNow does not recommend setting the property to TRUE.
The controversy is that this property allows the use of [code][/code] tags and renders HTML properly (hyperlinks, styles etc.), which is quite a useful feature. But there is a risk that someone can write harmful HTML/JS code that may be executed in a different client's browser after the journal fields are rendered.
Could you please share your experience/best practices of using the property "glide.ui.security.allow_codetag"? Would you recommend using it?
Thank you
‎06-25-2021 03:44 AM
Hi,
You have already pointed out the effects of enabling that.
Inform the business team of the same and share the docs link with them. As a best practice, the recommended value is false, so they should also keep it false.
Regards
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
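The need raised in the question (clickable links) can be met without rendering user-supplied HTML. The block below is an added illustration, not part of the original posts and not a ServiceNow API: generic JavaScript in which `renderJournalEntry` is a hypothetical helper that escapes all markup and turns only absolute http(s) URLs into anchors; the sample entry is constructed.

```javascript
// Added illustration: generic JavaScript, not ServiceNow code.
// renderJournalEntry() and SAMPLE_ENTRY are hypothetical / constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise every character that could open a tag or break out of an attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only absolute http(s) URLs are candidates; the match stops at whitespace,
// quotes, angle brackets and square brackets (so "[/code]" never joins a URL).
const URL_PATTERN = /https?:\/\/[^\s<>"'\[\]]+/g;

function renderJournalEntry(raw) {
  let out = '';
  let last = 0;
  for (const match of raw.matchAll(URL_PATTERN)) {
    // Sentence punctuation directly after a URL is not part of the link.
    const url = match[0].replace(/[.,;:!?)]+$/, '');
    try {
      new URL(url); // reject strings that only look like URLs
    } catch (err) {
      continue; // left in place; escaped as plain text with the next slice
    }
    out += escapeHtml(raw.slice(last, match.index));
    const safe = escapeHtml(url);
    out += `<a href="${safe}" rel="noopener noreferrer" target="_blank">${safe}</a>`;
    last = match.index + url.length;
  }
  return out + escapeHtml(raw.slice(last));
}

// Constructed journal entry: one legitimate link plus markup that would
// execute in a reader's browser if [code] content were rendered as HTML.
const SAMPLE_ENTRY =
  'See https://example.com/kb?id=1&v=2. ' +
  '[code]<script>alert(1)</script>[/code] <a href="javascript:alert(1)">x</a>';

console.log(renderJournalEntry(SAMPLE_ENTRY));
```

The script element and the `javascript:` anchor come out as inert text, while the one http(s) URL becomes a link; anything beyond links (styles, arbitrary tags) would need an allow-list HTML sanitizer rather than this escaping approach.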
‎02-03-2023 01:21 AM
Hi @Ankur,
However, ServiceNow already uses HTML-formatted code in the knowledge. What is the difference regarding security?