Disable AJAXEvaluate
Use the glide.script.allow.ajaxevaluate property to protect the system API from vulnerabilities that arise from client script execution through AJAX calls.
Elevation to the security_admin role is required to edit the property.
Warning:
This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
More information
| Attribute | Description |
|---|---|
| Property name | glide.script.allow.ajaxevaluate |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Validation, sanitization, and encoding |
| Purpose | To prevent a user from executing scripts with admin privileges. |
| Recommended value | false |
| Default value | false |
| Data type | Boolean |
| Functional impact | This remediation forces the AJAXEvaluate processor to be turned off. It could impact functionality if you are explicitly using the AJAX evaluate processor as part of any customized scripts. |
| Security risk | (High) The AjaxEvaluator processor executes client scripts in a sandbox; however, several additional properties can expand the scope of activities allowed in the sandbox or turn the sandbox off entirely. |
| Security risk rating | 7.3 |
| References | This property belongs to the same family of properties that secure and restrict execution of scripts originating from the client: |
To learn more about adding or creating a system property, see Add a system property.
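
One way to audit this setting offline before changing it, as an added example that is not ServiceNow's own code: the functions below take rows exported from sys_properties and from customized script records and report whether the property is at its recommended value and which scripts mention the processor. The sample rows are constructed, and the `script` field name and the name-matching heuristic are assumptions.

```javascript
const PROPERTY = 'glide.script.allow.ajaxevaluate';
const DEFAULT_VALUE = 'false'; // default value documented in the table above

// Report the effective value and whether it matches the recommended value (false).
function auditProperty(sysProperties) {
  const rows = sysProperties.filter((r) => r.name === PROPERTY);
  // No sys_properties row: assume the documented default applies.
  const raw = rows.length ? String(rows[0].value) : DEFAULT_VALUE;
  const effective = raw.trim().toLowerCase();
  return {
    property: PROPERTY,
    explicit: rows.length > 0,
    effective,
    // Anything other than an explicit "false" is treated as non-compliant.
    compliant: effective === 'false',
  };
}

// Heuristic (assumption): a customized script that depends on the processor
// mentions it by name. Matches are candidates for review, not proof of use.
function findProcessorReferences(scripts) {
  return scripts
    .filter((s) => /ajaxevaluate/i.test(s.script || ''))
    .map((s) => s.name);
}

// Constructed sample data, not taken from a real instance.
const sampleProperties = [
  { name: 'glide.script.allow.ajaxevaluate', value: 'True ' },
  { name: 'example.unrelated.property', value: 'true' },
];
const sampleScripts = [
  { name: 'Example legacy lookup', script: '/* relies on the AJAXEvaluate processor */' },
  { name: 'Example form helper', script: 'function onLoad() { return true; }' },
];

console.log(auditProperty(sampleProperties));
console.log(findProcessorReferences(sampleScripts));
```

Because the property is non-revertible, review every script the second function lists before setting the value.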