Script sandbox evaluator

  • Release version: Australia
  • Updated May 5, 2026
  • 1 minute to read

    • The script sandbox evaluator helps prevent executing untrusted scripts on an instance by limiting the APIs available to scripts.

    Scripts that run in the script sandbox evaluator can use features supported by the JavaScript engine and the sandbox environment, except for certain restricted methods. Untrusted scripts are processed by the script sandbox evaluator under the following conditions:

    • A script has been granted a guarded-script exemption (manually or automatically).
    • When guarded script is in Phase 1: Detection, and a script is sent to the server by an authenticated user.

    For more information about guarded-script exemptions and enforcement phases, see Guarded script evaluator.

    Restricted methods with the script sandbox evaluator

    The script sandbox evaluator doesn't permit the following methods. Scripts using these methods fail to execute in the sandbox.

    Note:
    The GlideSystem (gs) methods log(), logError(), and logWarning() can be enabled for use with the script sandbox evaluator by setting the glide.security.sandbox_no_logging system property to false.
    Table 1. Restricted methods
    Class Method
    GlideRecord
    • deleteMultiple()
    • deleteRecord()
    • getRowCount()
    • insert()
    • update()
    • updateMultiple()
    GlideSystem (gs)
    • addErrorMessage()
    • addInfoMessage()
    • addMessage()
    • eventQueue()
    • flushMessages()
    • getEscapedProperty()
    • getProperty()
    • log()
    • logError()
    • logWarning()
    • setProperty()
    • setRedirect()
    • setReturn()
    • workflowFlush()
    ScopedGlideRecord
    • deleteMultiple()
    • deleteRecord()
    • insert()
    • update()
    • updateMultiple()
    ScopedGlideSystem (gs)
    • addErrorMessage()
    • addInfoMessage()
    • debug()
    • eventQueue()
    • executeNow()
    • getProperty()
    • getSessionToken()
    • info()
    • setRedirect()
    GlideDateTime
    • add()
    • addDays()
    • addDaysLocalTime()
    • addDaysUTC()
    • addMonths()
    • addMonthsLocalTime()
    • addSeconds()
    • addWeeks()
    • addYears()
    • compareTo()
    • getDate()
    • getDayOfWeek()
    • getDayOfWeekUTC
    • getDayOfWeekLocalTime()
    • getDayOfMonth()
    • getDayOfMonthLocalTime()
    • getDayOfMonthNoTZ()
    • getDayOfWeek()
    • getDayOfWeekLocalTime()
    • getDayOfWeekUTC()
    • getHourOfDayLocalTime()
    • getHourOfDayUTC()
    • getDaysInMonth()
    • getDaysInMonthUTC()
    • getDaysInMonthLocalTime()
    • getDisplayValueInternal()
    • getDisplayValue()
    • getLocalDate()
    • getMonthLocalTime()
    • getMonthNoTZ()
    • getMonthUTC()
    • getNumericValue()
    • getTime()
    • getTZOffset()
    • getYear()
    • getUserTimeZone()
    • getWeekOfYearLocalTime()
    • getWeekOfYearUTC()
    • getYearUTC()
    • getYearLocalTime()
    • isDST()
    • onOrAfter()
    • onOrBefore()
    • setDayOfMonthUTC()
    • setDisplayValue()
    • setMonth()
    • setNumericValue()
    • setTZ()
    • setValue()
    • setValueUTC()
    • subtract()
    • toString()
    GlideDate GlideDate supports the same methods as GlideDateTime, as well as:
    • getByFormat()
    • getDayOfMonthNoTZ()
    • getMonthNoTZint()
    • parseDate()
    GlideTime GlideTime supports the same methods as GlideDateTime, as well as:
    • getByFormat()
    • getHourLocalTime()
    • getHourOfDayLocalTime()
    • getHourOfDayUTC()
    • getMinutesLocalTime()
    • getMinutesUTC()
    • getSeconds()
    GlideSchedule
    • add()
    • isInSchedule()
    • Load()
    • whenNext()