Client Generated Scripts Sandbox should be enabled
Impact area
Security
Severity
High
Affected element
System property
Rule ID
SN-0188Impact
In some circumstances it is possible for the client to generate arbitrary script code and send it for evaluation to the server. For instance, by using the API call AJAXEvaluate, and by specifying Javascript formulas in query filters. Enabling Generated Script Sandboxing increases security by running these scripts inside a reduced rights sandbox.
Remediation
Set the system property "glide.script.use.sandbox" to true.
Time to fix
15 min
References
This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.