Escape scripts in scratchpad [Updated in Security Center 1.3]

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Learn how scratchpad factors into the security posture of your instance and how to manage it so that malicious scripts can't be executed on it.

    The scratchpad is an easy way to set information on the server that you can access in the browser. An admin can script anything to be on it, including arbitrary records. If this property is not set to the recommended value of true, then it is possible to execute malicious scripts like a cross-site scripting vulnerability.

    More information

    Attribute Description
    Configuration name glide.ui.escape_scratchpad
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value true
    Category Validation, sanitization, and encoding
    Security risk
    • Severity score: 6.5
    • CVSS score: Medium
    • Security risk details: If the property is not set to the recommended value of true, then it is possible to execute malicious scripts like a cross-site scripting vulnerability.
    Dependencies and prerequisites None
    References Workflow administration