67 views

Symptoms


HTML tags appear in the Help Text field on variables in service catalog items.

Release


Istanbul and Later

Cause


System property "glide.ui.escape_text" is set to true.

Resolution


This issue was originally reported as a problem - PRB663858. However Development has stated that "glide.ui.escape_text" should be set to true always as it protects against XSS vulnerabilities.
 
The "glide.ui.escape_text" property renders the HTML content in the Help Text and Help Tag fields only when set to false (which we do not recommend), otherwise the field treats the HTML as plain text. 
 
If users want to utilize HTML then the OOB Instructions field should be used rather than the Help Text and Help Tag fields. The Instructions field allows for HTML formatting and will display the text without tags. Users can paste HTML text into the Source Code section in the editor. 
 
 
Here is an example when "glide.ui.escape_text" is set to true and <p> Hello </p> is placed in the Help Text and Instruction fields:
 
 

Additional Information


PRB663858 - https://hi.service-now.com/nav_to.do?uri=problem.do?sys_id=ca9f859d0ffd52802f42938172050ec1

KB0562895 - https://hi.service-now.com/kb_view.do?sysparm_article=KB0562895

Product Documentation for the Instructions Field - https://docs.servicenow.com/bundle/kingston-it-service-management/page/product/service-catalog-management/task/t_CreateAVariableForACatalogItem.html

Article Information

Last Updated:2018-04-30 16:32:22
Published:2018-04-27