"Allow Javascript tags in Embedded HTML" property should be disabled
Impact area
Security
Severity
High
Affected element
System property
Rule ID
SN-0197Impact
Journal fields have the ability to render text enclosed within code tags as HTML. There is an associated security risk, since any malicious user can write JS code that may be executed on a different client browser after the journal fields are rendered.
Remediation
Set the glide.ui.security.codetag.allow_script property to false to disable support for embedding Javascript tags using the [code] tag.
Time to fix
15 min
References
This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.