Escape XML should be enabled

Rule ID

Impact

Input validation has to occur on the application to defend against cross-site scripting attacks which would allow foreign scripts to execute on user session in the logged in browser's context. This can be leveraged by attackers to steal session information and sensitive data.

Remediation

Set the system property " glide.ui.escape_text" to true.

Time to fix

15 min

References

This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.