Client Generated Scripts Sandbox should be enabled

Rule ID

Impact

In some circumstances it is possible for the client to generate arbitrary script code and send it for evaluation to the server. For instance, by using the API call AJAXEvaluate, and by specifying Javascript formulas in query filters. Enabling Generated Script Sandboxing increases security by running these scripts inside a reduced rights sandbox.

Remediation

Set the system property "glide.script.use.sandbox" to true.

Time to fix

15 min

References

This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.