Restrict access to GlideSystemUserSession scriptable API [Updated in Security Center 1.3 and 2.0]

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • The client callable GlideSystemUserSessionSandbox scriptable API exposes GlideSystemUserSession's addErrorMessageNoSanitization and addInfoMessageNoSanitization methods to the JavaScript sandbox. This allows all users to call this method via script.

    gs.addErrorMessageNoSanitizationMessaging() and gs.addInfoMessageNoSanitization() are used within the scripting environment for logging and notifications. Both of these are available in the sandbox if this property is not set to the recommended value of false. The sandbox is a low privileged scripting environment available to unauthenticated and no role users. Both of these methods can be used to display unsanitized input to a user. Displaying unsanitized input to the user is dangerous, as unsanitized input may contain dangerous code that runs in the user's browser. This can be utilized for traditional reflected XSS attacks. Reflected XSS attacks can be used in multiple scenarios, including session hijacking.

    Set glide.sandbox.usersession.allow_unsanitized_messages system property to false. If there is not record of this property in the System Properties [sys_properties] table, create one.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Property name glide.sandbox.usersession.allow_unsanitized_messages
    Configuration type System Properties (/sys_properties_list.do)
    Category Access control
    Purpose This property will restrict unsanitized informational or error messages from being called in a sandboxed user session.
    Type Boolean
    Recommended value false
    Default value true
    Security risk rating 8.1
    Functional impact Set the property with the value false will result in no message creation or logging should those functions get called.
    Security risk (High) Without appropriate sanitization, potentially dangerous content may be accessed and the unsanitized error function is available to script.
    References Access control