Enable HTML Sanitizer within Virtual Agent

  • Release version: Australia
  • Updated March 12, 2026
  • Use the com.glide.cs.html.sanitizer.enabled property to enable HTMLSanitizerService.

    The com.glide.cs.html.sanitizer.enabled system property controls whether the HtmlSanitizerService is enabled. If com.glide.cs.html.sanitizer.enabled is not set to true, then a Stored Cross-Site Scripting (XSS) attack is possible in the VA web client.

    Ensure that the property com.glide.cs.html.sanitizer.enabled is set to true.
    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    | Attribute | Description |
    | --- | --- |
    | Configuration name | com.glide.cs.html.sanitizer.enabled |
    | Configuration type | System Properties (/sys_properties_list.do) |
    | Data type | Boolean |
    | Recommended value | true |
    | Default value | <none> |
    | Fallback value | true |
    | Category | Validation, sanitization, and encoding |
    | Security risk | Severity score: 8.0. CVSS rating: High. Security risk details: An XSS vulnerability can facilitate privilege escalation to higher-level roles, such as administrator, enabling broader lateral movement within the system. |
    | Functional impact | This remediation enforces an HTML output-encoding mechanism before user data is rendered back to the user. If a customer has any customization that involves rendering HTML attribute or content data, then there is a functional impact. |
    | Dependencies and prerequisites | None |
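
One way to audit this setting, as an added example that is not ServiceNow product code: it reads the property's rows from sys_properties and classifies them against the guidance above. The function names, status labels and sample rows are constructed for illustration, and treating a missing record as true is an assumption drawn from the fallback value listed in the table.

```javascript
// Added example, not ServiceNow product code.
var PROP = 'com.glide.cs.html.sanitizer.enabled';

// Classify sys_properties rows ({name, value}) against the page's guidance.
function auditSanitizer(rows) {
  var values = rows
    .filter(function (r) { return r.name === PROP; })
    .map(function (r) {
      return String(r.value == null ? '' : r.value).trim().toLowerCase();
    });

  if (values.length === 0) {
    // Assumption: "Default <none>, Fallback true" means a missing record acts as true.
    return { status: 'UNSET_FALLBACK', compliant: true };
  }
  var allTrue = values.every(function (v) { return v === 'true'; });
  // Any record not set to "true" is the state the page ties to stored XSS.
  return { status: allTrue ? 'ENABLED' : 'NOT_TRUE', compliant: allTrue };
}

// On an instance (Scripts - Background): read the live rows with GlideRecord.
function readRowsFromInstance() {
  var rows = [];
  var gr = new GlideRecord('sys_properties');
  gr.addQuery('name', PROP);
  gr.query();
  while (gr.next()) {
    rows.push({ name: gr.getValue('name'), value: gr.getValue('value') });
  }
  return rows;
}

// Constructed sample rows so the check also runs offline under Node.js.
var SAMPLE_ROWS = [
  { name: 'x_example.unrelated.property', value: '30' },
  { name: PROP, value: 'false' }
];

var onInstance = typeof GlideRecord !== 'undefined';
var result = auditSanitizer(onInstance ? readRowsFromInstance() : SAMPLE_ROWS);
var line = PROP + ': ' + result.status + (result.compliant ? '' : ' (set to true)');
if (onInstance) { gs.info(line); } else { console.log(line); }
```

Because this is a safe harbor property, a NOT_TRUE result is fixed by a one-way change, so check customizations that render HTML attribute or content data before setting the value.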