Restrict access to GlideSystemUserSession scriptable API [Updated in Security Center 1.3]

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • The client callable GlideSystemUserSessionSandbox scriptable API exposes GlideSystemUserSession's addErrorMessageNoSanitization and addInfoMessageNoSanitization methods to the javascript sandbox. This allows all users to call this method via script.

    When set to true, a sandboxed user session is allowed to call information or error messages without sanitization. A warning will be logged when the message is called. When set to false, the call is not allowed.
    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Property name glide.sandbox.usersession.allow_unsanitized_messages
    Configuration type System Properties (/sys_properties_list.do)
    Category Access control
    Purpose This property will restrict unsanitized informational or error messages from being called in a sandboxed user session.
    Type boolean
    Recommended value false
    Default value true
    Security risk rating 8.1
    Functional impact Set the property with the value false will result in no message creation or logging should those functions get called.
    Security risk (High) Without appropriate sanitization, potentially dangerous content may be accessed and the unsanitized error function is available to script.
    References Access Control