Escape HTML (instance security hardening)

Use the glide.ui.escape_html_list_field property to force HTML escapes for HTML fields in a list view.

HTML is one of the types that can be assigned to the dictionary fields. Assigning HTML fields to any field type provides the functionality to format content using HTML codes (for example, <p>, <a href>, <b>, <font>, <img>). A malicious user can inject HTML code within the form field to execute unwanted scripts on different client/user sessions.

Set this property to true to perform an HTML escaping before the records/fields are rendered in the browser when the table appears as a list view.
If set to false, and you select that column in a list view when viewing a table or record listing, these HTML formatted fields may appear.

More information


Attribute	Description
Property name	glide.ui.escape_html_list_field
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	To prevent application against cross-site scripting attacks
Recommended value	true
Functional impact	(Medium) This remediation enforces HTML encoding to occur on the UI at the HTML parser level and thus renders back encoded results to the user. It can have a functionality impact based on the instance user interaction with the resulted data.
Security risk	(High) Input validation must occur on the application to defend against cross-site scripting attacks. These attacks enable foreign scripts to execute on user sessions in the logged in browser's context. Attackers can use it to steal session information and sensitive data.
References	High Security Settings

To learn more about adding or creating a system property, see Add a system property.

Escape HTML (instance security hardening)

Use the glide.ui.escape_html_list_field property to force HTML escapes for HTML fields in a list view.

Set this property to true to perform an HTML escaping before the records/fields are rendered in the browser when the table appears as a list view.
If set to false, and you select that column in a list view when viewing a table or record listing, these HTML formatted fields may appear.

More information


Attribute	Description
Property name	glide.ui.escape_html_list_field
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	To prevent application against cross-site scripting attacks
Recommended value	true
Functional impact	(Medium) This remediation enforces HTML encoding to occur on the UI at the HTML parser level and thus renders back encoded results to the user. It can have a functionality impact based on the instance user interaction with the resulted data.
Security risk	(High) Input validation must occur on the application to defend against cross-site scripting attacks. These attacks enable foreign scripts to execute on user sessions in the logged in browser's context. Attackers can use it to steal session information and sensitive data.
References	High Security Settings

To learn more about adding or creating a system property, see Add a system property.

How search works:

Topics are ranked in search results by how closely they match your search terms

Escape HTML

Escape HTML (instance security hardening)

More information

On this page

Escape HTML

Escape HTML (instance security hardening)

More information

Log in to personalize your search results and subscribe to topics