Escape HTML should be enabled

This issue is found automatically by CODA.
Time to fix: 30min

What is a System Property?

A System Property in ServiceNow serves as a configuration setting, storing crucial information related to the system. These properties cover a broad range of details, including parameters for system behavior, performance, and security.

An example is the System Property glide.ui.escape_html_list_field, which controls the escaping behavior specifically for HTML tags in ServiceNow.

Why is this an issue?

The glide.ui.escape_html_list_field system property enforces the escaping of all HTML tags. When its value is set to false, HTML tags are no longer escaped, which can cause problems when HTML content is rendered.

One prominent issue that arises is Cross-Site Scripting (XSS), a security vulnerability that lets attackers compromise users' interactions with a vulnerable application.

This matters particularly in ServiceNow instances that manage clients across multiple companies, where unauthorized access and information leakage are a concern.

How do I fix it?

To fix this issue, it is necessary to set the glide.ui.escape_html_list_field property to true. To do so, follow these steps:

  1. In the Filter Navigator, type sys_properties.list and press Enter.

  2. Search for glide.ui.escape_html_list_field.

  3. Set the Value column to true.
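
The same check and fix can be scripted. The following is an added example, not code from CODA or ServiceNow: it assumes a global-scope Background Script where gs.getProperty and gs.setProperty are available, and the function name checkEscapeHtml and its result object are hypothetical.

```javascript
// Added example (hypothetical helper, not CODA's or ServiceNow's own code).
var PROP = 'glide.ui.escape_html_list_field';

// Normalize a property value to a lowercase string, or null when absent.
function normalize(raw) {
  return raw === null || raw === undefined ? null : String(raw).trim().toLowerCase();
}

// gsApi: the GlideSystem object (`gs` in a global-scope Background Script).
// fix:   true writes the compliant value; false only reports.
function checkEscapeHtml(gsApi, fix) {
  var value = normalize(gsApi.getProperty(PROP));
  var result = { property: PROP, found: value, compliant: value === 'true', changed: false };

  // Assumption of this example: anything other than an explicit "true",
  // including a missing record, is reported as non-compliant so that the
  // setting ends up visible in sys_properties.
  if (!result.compliant && fix) {
    // gs.setProperty flushes the instance cache, so run the fix once
    // from a maintenance script rather than from a frequently run job.
    gsApi.setProperty(PROP, 'true');
    // Read the value back instead of trusting the write.
    result.compliant = normalize(gsApi.getProperty(PROP)) === 'true';
    result.changed = result.compliant;
  }
  return result;
}

// On an instance: report only. Pass true as the second argument to apply the fix.
if (typeof gs !== 'undefined') {
  gs.info(JSON.stringify(checkEscapeHtml(gs, false)));
}
```

Run it first in report-only mode, then with fix set to true, and confirm the result in sys_properties.list as in the steps above.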