Escape scripts in scratchpad [Updated in Security Center 1.3]
Learn how scratchpad factors into the security posture of your instance and how to manage it so that malicious scripts can't be executed on it.
The scratchpad is an easy way to set information on the server that you can access in the browser. An admin can script anything to be on it, including arbitrary records. If this property is not set to the recommended value of true, then it is possible to execute malicious scripts like a cross-site scripting vulnerability.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.ui.escape_scratchpad |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | true |
| Default value | true |
| Category | Validation, sanitization, and encoding |
| Security risk |
|
| Dependencies and prerequisites | None |
| References | Workflow administration |