Home Orlando Now Platform App Engine Now Platform App Engine APIs and scripts Scripts Server-side scripting Script includes

Script includes

Script includes are used to store JavaScript that runs on the server.

Create script includes to store JavaScript functions and classes for use by server scripts. Each script include defines either an object class or a function.

Consider using script includes instead of global business rules because script includes are only loaded on request.

Script include form

Script includes have a name, description and script. They also specify whether they are active or not, and whether they can be called from a client script.

To access script includes, navigate to System Definitions > Script Includes.

Table 1. Script include form
Field	Description
Name	The name of the script include. If you are defining a class, this must match the name of the class, prototype, and type. If you are using a classless (on-demand) script include, the name must match the function name.
Client callable	Makes the script include available to client scripts, list/report filters, reference qualifiers, or if specified as part of the URL.
Application	The application where this script include resides.
Accessible from	Sets which applications can access this script include: All application scopes Can be accessed from any application scope. This application scope only Can be accessed only from the current application scope.
Active	Enables the script include when selected. Uncheck the active field to disable the script include.
Description	Provides descriptive content regarding the script include.
Script	Defines the server side script to run when called from other scripts. The script must define a single JavaScript class or a global function. The class or function name must match the Name field.
Package	The package that contains this script include.
Created by	The user who created this script include.
Updated by	The user who most recently updated this script include.
Protection policy	Sets the level of protection for the script include: None Allows anyone to read and edit this downloaded or installed script include. Read-only Allows anyone to read values from this downloaded or installed script include. No one can change script values on the instance on which they download or install the script include. Protected Provides intellectual property protection for application developers. Customers who download the script include cannot see the contents of the script field. The script is encrypted in memory to prevent unauthorized users from seeing it in plain text.
Related lists on the form view:
Versions	Shows all versions of the script include. Use this list to compare versions or to revert to a previous version. See Versions.

Use script includes

Script includes are found under System Definition or System UI. You can call existing script includes from a script.

To create an entirely new script include, you can follow the format of any of the existing script includes. In the example, the name of your Script Include is 'NewInclude' and there is a single function called 'myFunction.' It is important that the name of the script include match the name of the class, prototype, and type. When you create a new script include and give it a name, the system provides you a code snippet with the class and prototype set up properly.

var NewInclude =Class.create();
 
NewInclude.prototype={
   initialize :function(){},
 
   myFunction :function(){//Put function code here},
 
   type :'NewInclude'};

You could then use the 'myFunction' line like this:

var foo =new NewInclude();
foo.myFunction();

Note: Try not to modify a ServiceNow supplied script include. If you want a script include that does something similar to an existing one, copy it and make changes to the copy or consider extending the object. This is a common practice when using GlideAjax.

Privacy settings

The privacy setting for a client-callable script-include can be public or private. Most client-callable script-includes are marked private by default.

The private privacy-setting means that guests who access public pages cannot access the client-callable script-include. A private script cannot be executed by a non-logged-in user.

A public privacy-setting means that the client script can be executed by non-logged-in users that create an appropriate HTTP request. This can create a security problem if the client script provides confidential information.

The following script includes remain public by default because public pages need to access them:

GlideSystemAjax
SysMessageAjax
KnowledgeMessagingAjax
KnowledgeAjax
PasswordResetAjax

Change privacy on all client-callable script includes

How to change the privacy on all client-callable script includes.

To provide further control over all client-callable script includes, administrators can add the property glide.script.ccsi.ispublic. This property changes the visibility of client-callable script includes by making them all public or private. Configure the property as follows:

Table 2. Configure property
Title	Property
Name	glide.script.ccsi.ispublic
Type	true\|false
Value	false

Figure 1. Client-callable script includes public property

Note: To learn more about this property, see Privacy on client-callable script includes (instance security hardening) in Instance Security Hardening Settings.

Change privacy on a single client callable script include

Change the privacy setting for a single client-callable script include by adding the isPublic() function.

The isPublic() setting takes precedence over the glide.script.ccsi.ispublic property. For example, if the property is set to false making all client-callable script-includes private, and a script sets isPublic() to true, the script is public.

To change the privacy for a single client-callable script include, add the following method to the script include:

  isPublic:function(){return[true/false];},

Example

An example to make the client script NewInclude private.

var NewInclude =Class.create();
 
NewInclude.prototype={
   initialize:function(){},
 
   myFunction:function(){//Put function code here},
   isPublic:function(){return false;},
 
   type:'NewInclude'};

Note: To learn more about this property, see Privacy on client-callable script includes (instance security hardening) in Instance Security Hardening Settings.

Previous topic

Next topic

Send feedback

Release version

Script includes

Script includes are used to store JavaScript that runs on the server.

Create script includes to store JavaScript functions and classes for use by server scripts. Each script include defines either an object class or a function.

Consider using script includes instead of global business rules because script includes are only loaded on request.

Script include form

Script includes have a name, description and script. They also specify whether they are active or not, and whether they can be called from a client script.

To access script includes, navigate to System Definitions > Script Includes.

Table 1. Script include form
Field	Description
Name	The name of the script include. If you are defining a class, this must match the name of the class, prototype, and type. If you are using a classless (on-demand) script include, the name must match the function name.
Client callable	Makes the script include available to client scripts, list/report filters, reference qualifiers, or if specified as part of the URL.
Application	The application where this script include resides.
Accessible from	Sets which applications can access this script include: All application scopes Can be accessed from any application scope. This application scope only Can be accessed only from the current application scope.
Active	Enables the script include when selected. Uncheck the active field to disable the script include.
Description	Provides descriptive content regarding the script include.
Script	Defines the server side script to run when called from other scripts. The script must define a single JavaScript class or a global function. The class or function name must match the Name field.
Package	The package that contains this script include.
Created by	The user who created this script include.
Updated by	The user who most recently updated this script include.
Protection policy	Sets the level of protection for the script include: None Allows anyone to read and edit this downloaded or installed script include. Read-only Allows anyone to read values from this downloaded or installed script include. No one can change script values on the instance on which they download or install the script include. Protected Provides intellectual property protection for application developers. Customers who download the script include cannot see the contents of the script field. The script is encrypted in memory to prevent unauthorized users from seeing it in plain text.
Related lists on the form view:
Versions	Shows all versions of the script include. Use this list to compare versions or to revert to a previous version. See Versions.

Use script includes

Script includes are found under System Definition or System UI. You can call existing script includes from a script.

var NewInclude =Class.create();
 
NewInclude.prototype={
   initialize :function(){},
 
   myFunction :function(){//Put function code here},
 
   type :'NewInclude'};

You could then use the 'myFunction' line like this:

var foo =new NewInclude();
foo.myFunction();

Privacy settings

The privacy setting for a client-callable script-include can be public or private. Most client-callable script-includes are marked private by default.

The private privacy-setting means that guests who access public pages cannot access the client-callable script-include. A private script cannot be executed by a non-logged-in user.

The following script includes remain public by default because public pages need to access them:

GlideSystemAjax
SysMessageAjax
KnowledgeMessagingAjax
KnowledgeAjax
PasswordResetAjax

Change privacy on all client-callable script includes

How to change the privacy on all client-callable script includes.

Table 2. Configure property
Title	Property
Name	glide.script.ccsi.ispublic
Type	true\|false
Value	false

Note: To learn more about this property, see Privacy on client-callable script includes (instance security hardening) in Instance Security Hardening Settings.

Change privacy on a single client callable script include

Change the privacy setting for a single client-callable script include by adding the isPublic() function.

To change the privacy for a single client-callable script include, add the following method to the script include:

  isPublic:function(){return[true/false];},

Example

An example to make the client script NewInclude private.

var NewInclude =Class.create();
 
NewInclude.prototype={
   initialize:function(){},
 
   myFunction:function(){//Put function code here},
   isPublic:function(){return false;},
 
   type:'NewInclude'};

Note: To learn more about this property, see Privacy on client-callable script includes (instance security hardening) in Instance Security Hardening Settings.

How search works:

Topics are ranked in search results by how closely they match your search terms

Script includes

Script includes

Script include form

Use script includes

Privacy settings

Change privacy on all client-callable script includes

Change privacy on a single client callable script include

On this page

Script includes

Script includes

Script include form

Use script includes

Privacy settings

Change privacy on all client-callable script includes

Change privacy on a single client callable script include

Log in to personalize your search results and subscribe to topics