Disable AJAXEvaluate
Use the glide.script.allow.ajaxevaluate property to protect the system API from vulnerabilities arising from client script execution through AJAX calls.
Elevation to the security_admin role is required to edit the property.
Warning:
This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
More information
| Attribute | Description |
|---|---|
| Property name | glide.script.allow.ajaxevaluate |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Validation, sanitization, and encoding |
| Purpose | To prevent a user from executing scripts with admin privileges. |
| Recommended value | false |
| Default value | false |
| Data type | Boolean |
| Functional impact | This remediation forces the AJAXEvaluate processor to be turned off. It could impact functionality if any of your customized scripts explicitly use the AJAXEvaluate processor. |
| Security risk | (High) The AjaxEvaluator processor executes client scripts in a sandbox; however, several additional properties can expand the scope of activities allowed in the sandbox. |
| Security risk rating | 7.3 |
| References | This property belongs to the same family of properties that secure and restrict execution of scripts originating from the client, such as glide.script.allow.ajaxevaluate. For more information, see Enable AJAXEvaluate. |
To learn more about adding or creating a system property, see Add a system property.