Enforce client generated scripts sandbox [Updated in Securty Center 1.3]
-
- UpdatedFeb 1, 2024
- 2 minutes to read
- Washington DC
- Platform Security
Use the glide.script.use.sandbox property to enable script sandboxing.
There are two cases in the ServiceNow AI Platform that enable the client to send scripts to the server for evaluation:
- Filters or queries
- It is legal to send a filter to the server such as
assigned_to=JavaScript:getMyGroups()
. - System API
- API call enables the client to run arbitrary scripts on the server and receive a response.
- Only those business rules marked client callable are available within the sandbox.
- Only script includes marked client callable are available within the sandbox.
- Certain API calls (largely, but not entirely, limited to ones dealing with direct DB access are not allowed.
- You can't insert, update, or delete data from within the sandbox. For example, any calls to
current.update()
, are ignored. If you run the ServiceNow AI Platform without enabling script sandboxing, none of these restrictions apply.
Warning: This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
More information
To learn more about adding or creating a system property, see Add a system property.