Script includes
-
- UpdatedJan 30, 2025
- 8 minutes to read
- Yokohama
- Building applications
Script includes are used to store JavaScript that runs on the server.
Create script includes to store JavaScript functions and classes for use by server scripts. Each script include defines either an object class or a function.
Consider using script includes instead of global business rules because script includes are only loaded on request. See Privacy settings on client-callable script includes and Discovery script includes for more information.
For additional examples of scripts, see Useful scripts.
Script include form
Script includes have a name, description, and, script. They also specify whether they are active or not, and whether they can be called from a client script. View existing or create a new script include using the Script Include form.
To access script includes, navigate to
.Field | Description |
---|---|
Name | The name of the script include. If you are defining a class, this must match the name of the class, prototype, and type. If you are using a classless (on-demand) script include, the name must match the function name. |
API Name | The internal name of the Script Include. Used to call the Script Include from out-of-scope applications. |
Glide AJAX enabled | The script include is available to client scripts, list/report filters, reference qualifiers, or if specified as part of the URL. Client callable script includes are invoked from GlideAjax and
require that users satisfy an ACL associated with the script include. When selected, the Access Controls Related Link is available. See Privacy settings on client-callable script includes for more information. |
Mobile callable | The script include is available to client scripts called from mobile devices. |
Sandbox enabled | The script include is invoked from the script sandbox, such as a query condition. This method does not require any authentication. For more information about the sandbox, see Configuring Script sandbox property. |
Application | The application where this script include resides. |
Accessible from | Sets which applications can access this script include:
|
Active | Enables the script include when selected. Deselect the active field to disable the script include. |
Description | Provides descriptive content regarding the script include. |
Script | Defines the server side script to run when called from other
scripts. The script must define a single JavaScript class or a global function. The class or function name must match the Name field. |
Package | The package that contains this script include. |
Created by | The user who created this script include. |
Updated by | The user who most recently updated this script include. |
Protection policy | Sets the level of protection for the script include:
|
Related lists on the form view: | |
Versions | Shows all versions of the script include. Use this list to compare versions or to revert to a previous version. See Versions. |
Access Controls | Becomes available when the Client callable check box is selected and is hidden from standard script includes. Use to protect a CCSI against unauthorized use when public access is not granted. |
Use script includes
Script includes are found under System Definition or System UI. You can call existing script includes from a script or create a new script include.
To create an entirely new script include, you can follow the format of any of the existing
script includes. In this example, the name of your script include is
NewInclude and there is a single function called myFunction
.
It is important that the name of the script include match the name of the class, prototype, and
type. When you create a new script include and give it a name, the system provides a code snippet
with the class and prototype properly set up.
You could then use the myFunction
line like this:
Client-callable script includes
Client Callable Script Includes (CCSI) make the script include available to client scripts, list/report filters, reference qualifiers, or if specified as part of the URL.
Before you begin
Role required: admin
Procedure
Privacy settings on client-callable script includes
Privacy settings for client-callable script includes (CCSI) determine who can access a client-callable script include.
Private privacy-setting
The private privacy-setting means that guests who access public pages cannot access the client-callable script-include. A private script cannot be executed by a non-logged-in user.
Public privacy-setting
A public privacy-setting means that the client script can be executed by non-logged-in users that create an appropriate HTTP request. This can create a security problem if the client script provides confidential information.
- GlideSystemAjax
- SysMessageAjax
- KnowledgeMessagingAjax
- KnowledgeAjax
- PasswordResetAjax
Set privacy on all client-callable script includes
Change the privacy setting on all client-callable script includes.
To provide further control over all client-callable script includes, administrators can add the glide.script.ccsi.ispublic property. This property changes the visibility of client-callable script includes by making them all public or private. Configure the property as follows:
Title | Property |
---|---|
Name | glide.script.ccsi.ispublic |
Type | true|false |
Value | false |
Change privacy on a single client callable script include
Change the privacy setting for a single client-callable script include by adding the isPublic() function.
The isPublic() setting takes precedence over the glide.script.ccsi.ispublic property. For example, if the property is set to false, making all client-callable script-includes private, and a script sets isPublic() to true, the script is public.
To change the privacy for a single client-callable script include, add the following method to the script include:
Example
Security on client callable script includes
Protect your client callable script include (CCSI) against unauthorized use. For all CCSI records which are created a customer application, recommendations display that may help reduce security risk.
When creating a CCSI, the system displays the following security recommendations if they have not yet been configured:
- Add or define an Access Control, unless the CCSI has public access.
- Use GlideRecordSecure instead of GlideRecord API for
better security, if the script queries the database.Note: To disable the security recommendation messages, set the property glide.script.ccsi.customer_scoped.security_msgs_enabled to false in the sys_properties table. The default value is set to true.
See Instance Security Hardening Settings for additional information on security compliance.
Discovery script includes
Discovery script includes define JavaScript classes that you can use to accomplish Discovery tasks.
Using GlideRecordUtil to Work with GlideRecords
GlideRecordUtil is a utility class that provides methods that are useful for working with GlideRecords during Discovery. Refer to GlideRecordUtil for descriptions of available methods.
Getting a GlideRecord Instance
Getting All the Fields In a GlideRecord
Populating GlideRecord Object Fields
Getting Table Hierarchies
Using DiscoveryException and AutomationException
When writing Discovery sensors and sensor-related scripts, you may want to use DiscoveryException or AutomationException to indicate that an exception has come from Discovery.
The above example also applies for AutomationException. DiscoveryException is typically used to provide exception processing specifically for Discovery, while AutomationException is used for exception processing that applies to both Orchestration and Discovery.