ServiceNow coding best practice rules

The table below lists the ServiceNow coding best practices that Quality Clouds checks.

For each best practice validation, the severity, area of impact and affected element are also given.

The update set scan feature includes a subset of these checks.

Description

Severity

Area of impact

Affected element

Included in Instance Scan

Included in Live Check Scan

Included in Update Set Scan

Business Rules defined on the Global table

High

Scalability

Business Rule

Unused Inactivity Monitors

High

Performance

Inactivity Monitors

Potential Recursive Business Rules

High

Performance

Business Rule

GlideRecord usage on Client Scripts

High

Performance

Client Script / Portal Widget

Too many fields in a Form Section

Medium

Performance

Form Section

Business Rules using GlideRecord and getRowCount

Medium

Scalability

Business Rule

High Security Settings plugin disabled

High

Security

Plugin

Client Scripts with the console.log debugging method

Medium

Performance

Client Script

Client Scripts without function

Medium

Scalability

Client Script

Modules pointing to big tables without filter

Medium

Performance

Module

Document Object Model (DOM) manipulation in Client UI Actions

High

Manageability

UI Action

The default system User Preference "Rows per Page" set above 100

Medium

Performance

User Preference

JDBC Data Sources with "Use last run datetime" option unchecked

Warning

Performance

Data Source

Transform Maps with "Run business rules" option enabled

Low

Performance

Transform Map

Business Rules using eval function

High

Security

Business Rule

The "Log/trace level of TaskSLAController" System Property not set to "notice"

Low

Performance

System Property

UI Policy Actions without field effects

Low

Performance

UI Policy Action

Client Scripts defined on the Global table

High

Scalability

Client Script

Business Rules using the SOAP getResponse method

High

Performance

Business Rule

Contextual Security Plugin disabled

High

Security

Plugin

Debugging properties enabled in production environments

Low

Performance

System Property

Client Scripts with empty script field

Low

Performance

Client Script

Document Object Model (DOM) manipulation in UI Policies

High

Manageability

UI Policy

Script Includes using GlideRecord and getRowCount

Medium

Scalability

Script Include

Client UI Actions using GlideRecord

High

Performance

UI Action

Business Rules with hard-coded sys_ids

Medium

Manageability

Business Rule

Client Scripts with hard-coded sys_ids

Medium

Manageability

Client Script

Script Includes with hard-coded sys_ids

Medium

Manageability

Script Include

UI Actions with hard-coded sys_ids

Medium

Manageability

UI Action

Transform Maps with hard-coded sys_ids

Medium

Manageability

Table Transform Map

Transform Scripts with hard-coded sys_ids

Medium

Manageability

Transform Script

Forms with too many sections

Low

Performance

Forms

GlideRecord usage on Catalog Client Scripts

High

Performance

Catalog Client Script

Catalog Client Scripts with the console.log debugging method

Medium

Performance

Catalog Client Script

Catalog Client Scripts without function

Medium

Scalability

Catalog Client Script

Document Object Model (DOM) manipulation in Catalog Client Scripts

High

Manageability

Catalog Client Script

Notification Email Scripts with hard-coded sys_ids

Medium

Manageability

Notification Email Scripts

Portal Widgets with hard-coded sys_ids

Medium

Manageability

Portal Widget - Client and Server Scripts

Angular Providers with hard-coded sys_ids

Medium

Manageability

Angular Providers

GlideRecord usage on UI Scripts

High

Performance

UI Script

Workflows with Notification Activities

Medium

Manageability

Workflow

UI Scripts with the console.log debugging method

Medium

Performance

UI Script

UI Scripts without function

Medium

Scalability

UI Script

Document Object Model (DOM) manipulation in UI Scripts

High

Manageability

UI Script

onBefore Business Rules should not update records on other tables.

High

Performance

Business Rule

onBefore Transform Scripts should only update the target table.

High

Performance

Transform Script

UI Scripts with empty script field

Low

Performance

UI Script

Document Object Model (DOM) manipulation in Catalog UI Policies

High

Manageability

Catalog UI Policy

Inbound Email Actions with hard-coded sys_ids.

Medium

Manageability

Inbound Email Action

Inbound Email Actions using GlideRecord and getRowCount.

Medium

Scalability

Inbound Email Action

Event Script Action with hard-coded sys_ids.

Medium

Manageability

Script Action

Event Script Action using GlideRecord and getRowCount.

Medium

Scalability

Script Action

SOAP Request Strict Security should be enabled

High

Security

System Property

Java Package Collection mode and Collection mode override properties should be disabled

High

Security

System Property

Client Generated Scripts Sandbox should be enabled

High

Security

System Property

Cookies – HTTP Only should be enabled

High

Security

System Property

Escape HTML should be enabled

High

Security

System Property

CSV Request Authorization should be enabled

High

Security

System Property

SSLv2/SSLv3 should be disabled

High

Security

System Property

AJAXGlideRecord ACL Checking should be enabled

High

Security

System Property

SLA logging level should be set to "notice"

High

Performance

System Property

Basic Auth SOAP Requests setting should be enabled

High

Security

System Property

Old UI enabled or being used

High

Security

System Property

Script Request Authorization should be enabled

High

Security

System Property

Escape Jelly should be enabled

High

Security

System Property

Enable AJAXEvaluate should be disabled

High

Security

System Property

Anti-CSRF Token setting should be enabled

High

Security

System Property

Escape XML should be enabled

High

Security

System Property

HTML Sanitizer property should be enabled

High

Security

System Property

Client Scripts should not use unsupported scripting APIs

High

Manageability

Client Scripts

Catalog Client Scripts should not use unsupported scripting APIs

High

Manageability

Catalog Client Scripts

Creating custom tables in the global scope should be avoided.

Warning

Manageability

Tables

GlideRecord API usage in Scripted REST API Resource.

High

Security

Scripted REST API Resource

REST API Resource modifying data without Authentication check.

High

Security

Scripted REST API Resource

REST API Resource modifying data without Authorization check.

High

Security

Scripted REST API Resource

Modified Out of the Box Element

Warning

Manageability

All elements

handlebars - Prototype Pollution vulnerability on versions greater than or equal to 4.0.0 and less than 4.0.14

High

Security

UI Script

handlebars - Prototype Pollution vulnerability on versions greater than or equal to 3.0.0 and less than 3.0.7

High

Security

UI Script

handlebars - Prototype Pollution vulnerability on versions between 4.0.14 and 4.1.2.

High

Security

UI Script

handlebars - Prototype Pollution vulnerability on versions under 4.0.14.

High

Security

UI Script

handlebars - XSS vulnerability on versions under 4.0.0.

Medium

Security

UI Script

Scripts directly call to Java packages - User Criteria

High

Manageability

User Criteria

Scripts should not use gs.sql - User Criteria

High

Manageability

User Criteria

Possible PII usage in configuration element (User Criteria) - Religion

Warning

Security

User Criteria

Possible PII usage in configuration element (User Criteria) - Passport

Warning

Security

User Criteria

Possible PII usage in configuration element (User Criteria) - Nationality

Warning

Security

User Criteria

Possible PII usage in configuration element (User Criteria) - Gender

Warning

Security

User Criteria

Possible PII usage in configuration element (User Criteria) - Address

Warning

Security

User Criteria

Possible PII usage in configuration element (User Criteria) - Email

Warning

Security

User Criteria

JavaScript - Avoid making connections on unsafe protocols - User Criteria

Warning

Security

User Criteria

JavaScript - Avoid use of WebDB - User Criteria

High

Security

User Criteria

JavaScript - Avoid unrestricted targetOrigin on cross-domain messaging - User Criteria

High

Security

User Criteria

Possible use of private data - User Criteria

Warning

Security

User Criteria

JavaScript - Avoid use of debugger statements - User Criteria

Low

Security

User Criteria

JavaScript - Use === comparison - User Criteria

Warning

Manageability

User Criteria

Usage of gs.cacheFlush() on Scripts - User Criteria

High

Performance

User Criteria

The glide.xmlutil.max_entity_expansion system property value is not set to 3000.

Medium

Performance

System Property

Roles assigned to an invalid user

Low

Security

Role

Empty roles assigned to groups

Low

Security

User Group

Empty role assigned to a user

Low

Security

User

Usage of getMessage() without preloading message key

High

Performance

Client Script

User Criteria with hard-coded sys_ids.

Medium

Manageability

User Criteria

User Criteria using GlideRecord and getRowCount.

Medium

Scalability

User Criteria

The out of the box admin account should not be inactive or locked out

High

Manageability

User

Flows should not use stages that are not defined in a Stage Set

Medium

Manageability

Flow

The "glide.uxf.js_server.consolidate" System Property is set to "false".

Medium

Performance

System Property

The "glide.email.smtp.active" System Property is set to "false".

High

Manageability

System Property

The "glide.email.read.active" System Property is set to "false".

High

Manageability

System Property

The "glide.image_provider.security_enabled" System Property is set to "false".

High

Security

System Property

Integration accounts should not use the admin role

High

Security

User

Child group does not contain all parent roles

High

Security

User Group

Stage sets with duplicate entries

Medium

Manageability

Stage Set

Workflows should not use stages that are not defined in a Stage Set

Medium

Manageability

Workflow

Dot walking to sys_id - Actions.

Medium

Performance

Action Type

Actions with hard-coded sys_ids.

Medium

Manageability

Action Type

Flows should not run using the admin role.

Medium

Security

Flow

Groups should not have inactive members

High

Security

User Group

Naming convention

Medium

Manageability

Action Type
Benchmark Scheduled Script
Business Rule
Category
Variable
Variable Set
Catalog Client Scripts
Client Script
Catalog UI Policy
Catalog UI Policy Action
Script Action
Field Map
Flow
Form Sections
Form Layout
HTTP Method
Inbound Email Actions
Inactivity Monitor
Module
Email Script
Widget Angular Provider
Widget
Record Producer
Report
Scripted REST Resource
Role
Scheduled Data Collection
Scheduled Data Import Set
Scheduled Email of Custom Chart
Scheduled Email of Query Builder
Scheduled Email of Report
Scheduled Entity Generation
Scheduled Report Summary Generation
Scheduled Script Execution
Service Portal Page
Script Include
SOAP Message Function
Change Record Producer
System Property
Table Transform Map
Transform Script
UI Action
UI Policy
UI Policy Action
UI Page
UI Script
Update Sets
User Group
User Preferences
Workflow Activity
Workflow

HHRR system properties outside the "Human Resource Scoped" category

High

Manageability

System Property

Actions should not be client callable

High

Security

Action Type

Flows should not be client callable

High

Security

Flow

Dictionary entries present for a table that does not exist

High

Manageability

Dictionary

Groups should not have an inactive manager

High

Security

User Group

Update Sets should not include Knowledge Base articles without review.

High

Security

Update Sets

Update Sets should not include images without review.

High

Security

Update Sets

Avoid Creating cross-table Business Rule recursive loops

High

Performance

Business Rule

Transform maps with boolean fields in their import set table

High

Manageability

Field Map

The assessment_take2 UI page should be public

High

Manageability

UI Page

Use of GlideRecord and getRowCount

Medium

Scalability

Access Control
Field Map
Email Script
Widget
Record Producer
Scripted REST Resource
Scheduled Report Summary Generation
Scheduled Script Execution
Table Transform Map
Transform Script
Workflow Activity

Too many delete actions on an Update Set.

Medium

Manageability

Update Sets

Portal pages should not be made public

High

Security

Service Portal Page

The Change Request table should not be extended.

High

Manageability

Table

Portal widgets should not be made public

High

Security

Widget

Forms with duplicate fields

Medium

Manageability

Form Sections

angularjs - XSS vulnerability on versions under 1.8.0, via nested option in select elements.

High

Security

UI Script

angularjs - XSS vulnerability on versions under 1.8.0, via JQLite DOM manipulation functions.

High

Security

UI Script

tinyMCE - XSS vulnerability on versions between 5.0.0 and 5.1.4, on the core parser, paste and visualcharts plugins.

High

Security

UI Script

tinyMCE - XSS vulnerability on versions under 5.4.0, in iframe elements.

High

Security

UI Script

tinyMCE - XSS vulnerability on versions under 5.2.2, in media elements.

High

Security

UI Script

tinyMCE - XSS vulnerability on versions under 5.1.6, in CDATA elements.

High

Security

UI Script

tinyMCE - XSS vulnerability on versions under 4.7.12, in links with XLINK:HREF attributes

High

Security

UI Script

tinyMCE - XSS vulnerability on versions under 4.2.0, in some default config implementations

High

Security

UI Script

tinyMCE - XSS vulnerability on versions under 4.2.4, in media plugin

High

Security

UI Script

tinyMCE - Static Code injection vulnerability on versions under 1.4.2, in inc/function.base.php

High

Security

UI Script

swfobject - XSS vulnerability on versions under 2.1, on swfobject.getQueryParamValue.

High

Security

UI Script

Bootstrap - XSS vulnerability on versions between 4.0.0 and 4.3.1, on data-template, data-content and data-title attributes.

High

Security

UI Script

Bootstrap - XSS vulnerability on versions under 3.4.1, on data-template, data-content and data-title attributes.

High

Security

UI Script

Bootstrap - XSS vulnerability on versions between 4.0.0 and 4.1.2, on data-target attribute.

High

Security

UI Script

Bootstrap - XSS vulnerability on versions under 3.4.0, on data-target attribute.

High

Security

UI Script

Bootstrap - XSS vulnerability on versions under 2.1.0, on popover / tooltip.

High

Security

UI Script

Usage of window objects instead of AngularJS services - Portal Widget clientScript

High

Manageability

Widget

Usage of window objects instead of AngularJS services

High

Manageability

Widget Angular Provider UI Script

Auditing for Update Sets should be enabled

High

Manageability

System Property

Usage of gs.cacheFlush() on Scripts

High

Performance

Access Control
Business Rule
Widget
Record Producer
Scripted REST Resource
Scheduled Script Execution
Script Include
Table Transform Map
Transform Script
UI Action

Scheduled Jobs run by deleted users

High

Manageability

Benchmark Scheduled Script
Scheduled Data Collection
Scheduled Data Import Set
Scheduled Email of Custom Chart
Scheduled Email of Query Builder
Scheduled Email of Report
Scheduled Entity Generation
Scheduled Report Summary Generation
Scheduled Script Execution

Usage of gs.sleep() on Workflow Activities

High

Performance

Workflow Activity

Script Includes with duplicate names

High

Manageability

Script Include

Scheduled imports should not run at the same time

High

Performance

Scheduled Data Import Set

Reports should not be made public

High

Security

Report

Usage of current.update in Script Workflow Activities

High

Performance

Workflow Activity

Scheduled Jobs without a dedicated integration user

High

Security

Benchmark Scheduled Script
Scheduled Data Collection
Scheduled Data Import Set
Scheduled Email of Custom Chart
Scheduled Email of Query Builder
Scheduled Email of Report
Scheduled Entity Generation
Scheduled Report Summary Generation
Scheduled Script Execution

Roles without any user

Warning

Security

Role

Usage of getMessage function without a second parameter - Catalog UI Policy scriptFalse

Low

Performance

Catalog UI Policy

Usage of getMessage function without a second parameter - Catalog UI Policy scriptTrue

Low

Performance

Catalog UI Policy

Usage of getMessage function without a second parameter - UI Policy scriptFalse

Low

Performance

UI Policy

Usage of getMessage function without a second parameter - UI Policy scriptTrue

Low

Performance

UI Policy

Usage of getMessage function without a second parameter - Portal Widget clientScript

Low

Performance

Widget

Usage of getMessage function without a second parameter

Low

Performance

Catalog Client Scripts
Client Script
Widget Angular Provider
UI Action
UI Script

Avoid creating unnecessary tables in scoped applications which can impact your licensing cost.

Low

Manageability

Table

Scripts directly call to Java packages

High

Manageability

Access Control
Business Rule
Widget
Record Producer
Scripted REST Resource
Script Include
Table Transform Map
Transform Script
UI Action

The "glide.login.autocomplete" System Property is set to "true".

Medium

Security

System Property

Usage of g_form.setValue on a reference field without displayValue - Catalog UI Policy scriptFalse

High

Performance

Catalog UI Policy

Usage of g_form.setValue on a reference field without displayValue - Catalog UI Policy scriptTrue

High

Performance

Catalog UI Policy

Usage of g_form.setValue on a reference field without displayValue - UI Policy scriptFalse

High

Performance

UI Policy

Usage of g_form.setValue on a reference field without displayValue - UI Policy scriptTrue

High

Performance

UI Policy

Usage of g_form.setValue on a reference field without displayValue - Portal Widget clientScript

High

Performance

Widget

Usage of g_form.setValue on a reference field without displayValue

High

Performance

Catalog Client Scripts
Client Script
Widget Angular Provider
UI Action
UI Script

Dot walking to sys_id - Catalog UI Policy scriptFalse

Medium

Performance

Catalog UI Policy

Dot walking to sys_id - Catalog UI Policy scriptTrue

Medium

Performance

Catalog UI Policy

Dot walking to sys_id - UI Policy scriptFalse

Medium

Performance

UI Policy

Dot walking to sys_id - UI Policy scriptTrue

Medium

Performance

UI Policy

Dot walking to sys_id - Portal Widget clientScript

Medium

Performance

Widget

Dot walking to sys_id

Medium

Performance

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
UI Action
UI Script

The "glide.db.clone.allow_clone_target" System Property is set to "true".

High

Manageability

System Property

The "sn_hr_core.impersonateCheck" System Property is "false".

High

Security

System Property

The "glide.businessrule.callstack" System Property is set to "true".

Medium

Performance

System Property

The demo_data_running_trigger business rule should be disabled

High

Manageability

Business Rule

Unlogged API call error condition.

Medium

Manageability

Business Rule
Script Include

Fields used to coalesce records in a Table Transform Map should be indexed.

Medium

Performance

Field Map

Update Sets should contain a description

Warning

Scalability

Update Sets

Avoid updating the source table on transform scripts

High

Manageability

Transform Script

Avoid updating the source table on transform maps

High

Manageability

Table Transform Map

moment.js - Regular Expression Denial of Service Vulnerability

High

Security

UI Script

jQuery-ui-dialog - XSS vulnerability under 1.10.0, closeText parameter.

High

Security

UI Script

jQuery-ui-dialog - XSS vulnerability under 1.10.0, title attribute.

High

Security

UI Script

jQuery-ui-tooltip - XSS vulnerability under 1.10.0, title attribute.

High

Security

UI Script

jQuery - XSS vulnerability under 3.0.0, when making cross-domain calls without the dataType option.

High

Security

UI Script

jQuery - XSS vulnerability under 1.9.0, when using jQuery(strInput)

High

Security

UI Script

jQuery - XSS vulnerability under 1.6.3, when using location.hash

High

Security

UI Script

jQuery - Prototype Pollution Vulnerability under 3.4.0

High

Security

UI Script

angularjs - XSS vulnerability under 1.8.0 - input HTML

High

Security

UI Script

angularjs - XSS vulnerability using angularjs under 1.6.5 in Firefox and Safari - sanitize on inert Documents

High

Security

UI Script

angularjs - Denial of Service attack through DOM clobbering on versions under 1.6.3

High

Security

UI Script

angularjs - XSS vulnerability through the attribute "usemap" from 1.0.0 to 1.2.30

High

Security

UI Script

angularjs - XSS vulnerability through the attribute "usemap" from 1.3.0 to 1.5.0-rc2

High

Security

UI Script

angularjs - XSS vulnerability using angularjs under 1.6.9 with Firefox

High

Security

UI Script

angularjs - Prototype Pollution Vulnerability under 1.7.9

High

Security

UI Script

XSS vulnerability in Ext JS Action Column getTip

High

Security

UI Script

jQuery - XSS vulnerability in htmlPrefilter under 3.5.0

High

Security

UI Script

Scripted REST API Resource with hard-coded sys_ids.

Medium

Manageability

Scripted REST Resource

Multiple Choice Catalog Variables with too many options.

Warning

Manageability

Variable

Catalog Items without description.

Warning

Manageability

Catalog Item
Record Producer

Catalog Items with short description equal to name.

Warning

Manageability

Catalog Item
Record Producer

Catalog with low usage of META tags.

Low

Manageability

Catalog

Catalog with very low usage of META tags.

Medium

Manageability

Catalog

Catalog with no usage of META tags.

High

Manageability

Catalog

GlideRecord usage on Portal Widget Client Scripts

High

Performance

Widget

JavaScript - Avoid making connections on unsafe protocols - Catalog UI Policy scriptFalse

Warning

Security

Catalog UI Policy

JavaScript - Avoid making connections on unsafe protocols - Catalog UI Policy scriptTrue

Warning

Security

Catalog UI Policy

Possible use of private data - Catalog UI Policy scriptFalse

Warning

Security

Catalog UI Policy

Possible use of private data - Catalog UI Policy scriptTrue

Warning

Security

Catalog UI Policy

JavaScript - Avoid use of debugger statements - Catalog UI Policy scriptFalse

High

Security

Catalog UI Policy

JavaScript - Avoid use of debugger statements - Catalog UI Policy scriptTrue

High

Security

Catalog UI Policy

JavaScript - Avoid use of WebDB - Catalog UI Policy scriptFalse

High

Security

Catalog UI Policy

JavaScript - Avoid use of WebDB - Catalog UI Policy scriptTrue

High

Security

Catalog UI Policy

JavaScript - Avoid use of Function Constructors - Catalog UI Policy scriptFalse

High

Security

Catalog UI Policy

JavaScript - Avoid use of Function Constructors - Catalog UI Policy scriptTrue

High

Security

Catalog UI Policy

JavaScript - Avoid unrestricted targetOrigin on cross-domain messaging - Catalog UI Policy scriptFalse

High

Security

Catalog UI Policy

JavaScript - Avoid unrestricted targetOrigin on cross-domain messaging - Catalog UI Policy scriptTrue

High

Security

Catalog UI Policy

JavaScript - Use === comparison - Catalog UI Policy scriptFalse

Warning

Manageability

Catalog UI Policy

JavaScript - Use === comparison - Catalog UI Policy scriptTrue

Warning

Manageability

Catalog UI Policy

JavaScript - Optimize Loops - Catalog UI Policy scriptFalse

Warning

Performance

Catalog UI Policy

JavaScript - Optimize Loops - Catalog UI Policy scriptTrue

Warning

Performance

Catalog UI Policy

Catalog UI Policies with hard-coded sys_ids - scriptFalse.

Medium

Performance

Catalog UI Policy

Catalog UI Policies with hard-coded sys_ids - scriptTrue.

Medium

Performance

Catalog UI Policy

Catalog UI Policies using GlideRecord - scriptFalse.

High

Performance

Catalog UI Policy

Catalog UI Policies using GlideRecord - scriptTrue.

High

Performance

Catalog UI Policy

Document Object Model (DOM) manipulation in Catalog UI Policies - scriptFalse.

High

Manageability

Catalog UI Policy

Document Object Model (DOM) manipulation in Catalog UI Policies - scriptTrue.

High

Manageability

Catalog UI Policy

Synchronous AJAX call in Catalog UI Policies - scriptFalse.

High

Performance

Catalog UI Policy

Synchronous AJAX call in Catalog UI Policies - scriptTrue.

High

Performance

Catalog UI Policy

JavaScript - Avoid making connections on unsafe protocols - UI Policy scriptFalse

Warning

Security

UI Policy

JavaScript - Avoid making connections on unsafe protocols - UI Policy scriptTrue

Warning

Security

UI Policy

Possible use of private data - UI Policy scriptFalse

Warning

Security

UI Policy

Possible use of private data - UI Policy scriptTrue

Warning

Security

UI Policy

JavaScript - Avoid use of debugger statements - UI Policy scriptFalse

High

Security

UI Policy

JavaScript - Avoid use of debugger statements - UI Policy scriptTrue

High

Security

UI Policy

JavaScript - Avoid use of WebDB - UI Policy scriptFalse

High

Security

UI Policy

JavaScript - Avoid use of WebDB - UI Policy scriptTrue

High

Security

UI Policy

JavaScript - Avoid use of Function Constructors - UI Policy scriptFalse

High

Security

UI Policy

JavaScript - Avoid use of Function Constructors - UI Policy scriptTrue

High

Security

UI Policy

JavaScript - Avoid unrestricted targetOrigin on cross-domain messaging - UI Policy scriptFalse

High

Security

UI Policy

JavaScript - Avoid unrestricted targetOrigin on cross-domain messaging - UI Policy scriptTrue

High

Security

UI Policy

JavaScript - Use === comparison - UI Policy scriptFalse

Warning

Manageability

UI Policy

JavaScript - Use === comparison - UI Policy scriptTrue

Warning

Manageability

UI Policy

JavaScript - Optimize Loops - UI Policy scriptFalse

Warning

Performance

UI Policy

JavaScript - Optimize Loops - UI Policy scriptTrue

Warning

Performance

UI Policy

UI Policies with hard-coded sys_ids - scriptFalse.

Medium

Manageability

UI Policy

UI Policies with hard-coded sys_ids - scriptTrue.

Medium

Manageability

UI Policy

Synchronous AJAX call in UI Policies - scriptFalse.

High

Performance

UI Policy

Synchronous AJAX call in UI Policies - scriptTrue.

High

Performance

UI Policy

UI Policies using GlideRecord - scriptFalse.

High

Performance

UI Policy

UI Policies using GlideRecord - scriptTrue.

High

Performance

UI Policy

Possible extra-sensitive PII usage in table column - Religion

High

Security

Dictionary

Possible extra-sensitive PII usage in table column - Gender

High

Security

Dictionary

Possible PII usage in table column - Nationality

Warning

Security

Dictionary

Possible PII usage in table column - Address

Warning

Security

Dictionary

Possible PII usage in table column - Passport

Warning

Security

Dictionary

"Check UI Action Conditions check before Execution" should be enabled

High

Security

System Property

Possible PII usage in table column - Email

Warning

Security

Dictionary

UI Scripts including Open Source libraries

Warning

Manageability

UI Script

"Allow Javascript tags in Embedded HTML" property should be disabled

High

Security

System Property

Avoid Global UI Scripts.

Low

Performance

-

onBefore Transform Scripts should only update the target table.

High

Performance

-

onBefore Business Rules should not update records on other tables.

High

Performance

-

Possible extra-sensitive PII usage in configuration element - Religion

High

Security

-

Possible PII usage in configuration element - Passport

Warning

Security

-

Possible PII usage in configuration element - Nationality

Warning

Security

-

Possible extra-sensitive PII usage in configuration element - Gender

High

Security

-

Possible PII usage in configuration element - Address

Warning

Security

-

Possible PII usage in configuration element - Email

Warning

Security

-

Avoid workflows with too many timer activities

High

Performance

-

Document Object Model (DOM) manipulation in UI Scripts.

High

Manageability

-

Avoid use of local storage on Catalog Client Scripts

High

Security

-

Synchronous AJAX call in UI Scripts.

High

Performance

-

UI Actions with debugging statements.

Low

Scalability

-

UI Script with hard-coded sys_ids.

Medium

Manageability

-

Avoid use of local storage on Client Scripts

High

Security

-

JavaScript - Avoid making connections on unsafe protocols

Warning

Security

Scripted REST Resource
Script Include
Table Transform Map
Transform Script
UI Action
UI Script

UI Policy Action without field effects.

Low

Performance

UI Policy Action

Synchronous AJAX call in UI Actions.

High

Performance

UI Action

Avoid workflows with too many activities

High

Manageability

Workflow

JavaScript - Avoid use of WebDB

High

Security

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Script Include
UI Action
UI Script

JavaScript - Avoid unrestricted targetOrigin on cross-domain messaging

High

Security

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
UI Action
UI Script

Possible use of private data

Warning

Security

Access Control
Business Rule
Catalog Client Scripts
Client Script
Dictionary
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
Table Transform Map
Transform Script
UI Action
UI Script

JavaScript - Avoid use of Function Constructors

High

Security

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
UI Action
UI Script

JavaScript - Avoid use of debugger statements

High

Security

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
UI Action
UI Script

ACLs using GlideRecord queries

Medium

Performance

Access Control

The System Property "Update on Iterate" is enabled.

Medium

Performance

System Property

The System Property "Auto Complete Search" is set to "Contains".

Low

Manageability

System Property

The "Security Manager" System Property is set to "Allow Access".

High

Security

System Property

JavaScript - Avoid use of alert function

Low

Scalability

Catalog Client Scripts
Client Script
Widget Angular Provider
Widget
UI Script

Synchronous AJAX call in Catalog Client Scripts.

High

Performance

Catalog Client Scripts

JavaScript - Avoid use of Eval function

High

Security

Catalog Client Scripts
Client Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
UI Script

The System Property "Items per page" includes options over 100.

Medium

Performance

System Property

JavaScript - Use === comparison

Warning

Manageability

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
UI Action
UI Script

JavaScript - Optimize Loops

Warning

Performance

Access Control
Business Rule
Catalog Client Scripts
Client Script
Script Action
Inbound Email Actions
Email Script
Widget Angular Provider
Widget
Record Producer
Scripted REST Resource
Script Include
UI Action
UI Script

The System Property "Go To Search" is set to "Contains".

Low

Performance

System Property

The SOAP Timeout value is over 5 minutes.

High

Performance

System Property

Debug System Properties Enabled.

Low

Performance

System Property

Server UI Actions using GlideRecord and getRowCount.

Medium

Scalability

UI Action

Script Includes with debugging statements.

Low

Scalability

Script Include

Synchronous AJAX call in Client Scripts.

High

Performance

Client Script

Business Rules with debugging statements.

Low

Scalability

Business Rule

Business Rules without function.

High

Scalability

Business Rule

The System Property "Auto Complete Wait Time" exceeds 750 ms.

Medium

Performance

System Property

Last modified on Jul 7, 2023