The client callable GlideSystemUserSessionSandbox scriptable API exposes GlideSystemUserSession's addErrorMessageNoSanitization and addInfoMessageNoSanitization methods to the javascript sandbox. This allows all users to call this method via script.

When set to true, a sandboxed user session is allowed to call information or error messages without sanitization. A warning will be logged when the message is called. When set to false, the call is not allowed.

More information

Attribute	Description
Property name	glide.sandbox.usersession.allow_unsanitized_messages
Configuration type	System Properties (/sys_properties_list.do)
Configurable in Instance Security Center	Yes
Purpose	This property will restrict unsanitized informational or error messages from being called in a sandboxed user session.
Type	true | false boolean
Recommended value	false
Security Dependencies	The value for this property is a safe override and cannot be altered once changed.
Functional Impact	Set the property with the value false will result in no message creation or logging should those functions get called.
Security risk	(High) Without appropriate sanitization, potentially dangerous content may be accessed and the unsanitized error function is available to script.
References	Access Control Safe override

To learn more about adding or creating a system property, see Add a system property.