Use the glide.ui.security.allow_codetag property to disable support for embedding HTML code created using the [code] tag.

The Now Platform mitigates many injection and cross-site attacks by implementing escaping and encoding techniques. As a result, users can't write/submit HTML formatted inputs for journal fields. But journal fields can render text enclosed within code tags as HTML.
  • However, there is an associated security risk. If set to true, malicious users can write harmful HTML JS code that may be executed on a different client browser after rendering of journal fields.
  • Set this property to false so that administrators can prevent journal fields from rendering HTML code by disabling support for the [code] tag.

More information

To learn more about adding or creating a system property, see Add a system property.