Escape HTML in list views [Updated in Security Center 1.3]
- Updated Feb 1, 2024
- Vancouver
- Now Platform Security
The Vancouver release is no longer supported. As such, the product documentation and release notes are provided for informational purposes only, and will not be updated.
Use the glide.ui.escape_html_list_field property to force HTML escapes for HTML fields in a list view.
HTML is one of the types that can be assigned to the dictionary fields. Assigning HTML fields to any field type provides the functionality to format content using HTML codes (for example, <p>, <a href>, <b>, <font>, <img>). A malicious user can inject HTML code within the form field to execute unwanted scripts on different client/user sessions.
- Set this property to false to perform an HTML escaping before the records/fields are rendered in the browser when the table appears as a list view.
- If set to true, and you select that column in a list view when viewing a table or record listing, these HTML formatted fields may appear.
Warning: This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
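The following added example (not ServiceNow code) illustrates what escaping an HTML field before list rendering changes in the markup sent to the browser. The function names, the records, and the boolean escapeHtmlFields are assumptions; the boolean stands for "escaping is enforced" and is not the property value itself.

```javascript
// Added illustration, not platform code. All names and records are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that can open a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// columns: [{ name, type }]; type 'html' marks an HTML dictionary field.
// escapeHtmlFields: hypothetical flag meaning "escaping is enforced".
function renderListRows(records, columns, escapeHtmlFields) {
  return records.map((rec) => {
    const cells = columns.map((col) => {
      const raw = rec[col.name] == null ? '' : rec[col.name];
      // Plain fields are always escaped; HTML fields only when enforced.
      const passThrough = col.type === 'html' && !escapeHtmlFields;
      return '<td>' + (passThrough ? String(raw) : escapeHtml(raw)) + '</td>';
    });
    return '<tr>' + cells.join('') + '</tr>';
  }).join('\n');
}

// Count tags in the output other than the list's own <tr>/<td> scaffolding,
// i.e. markup that came from field values and that the browser would parse.
function countFieldTags(html) {
  const matches = html.match(/<\/?(?!t[dr]\b)[a-z][^>]*>/gi);
  return matches ? matches.length : 0;
}

// Constructed sample data: one benign formatted note, one carrying a handler.
const columns = [{ name: 'number', type: 'string' }, { name: 'notes', type: 'html' }];
const records = [
  { number: 'REC0001', notes: '<p>Restarted <b>web01</b></p>' },
  { number: 'REC0002', notes: '<img src="x" onerror="alert(document.domain)">' },
];

const unescaped = renderListRows(records, columns, false);
const escaped = renderListRows(records, columns, true);
console.log('field tags without escaping:', countFieldTags(unescaped));
console.log('field tags with escaping:   ', countFieldTags(escaped));
console.log(escaped);
```

With escaping enforced, the stored markup reaches the list as literal text, so formatting is lost in the list view but no field-supplied tag or event handler is parsed by the browser.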
More information
To learn more about adding or creating a system property, see Add a system property.