Description

If an HTML field contains an <html> tag, saving the form automatically removes the <html> tag from the field.
If that HTML field is audited, the activity stream shows a change on the field even though there is no visual change.
* A value with an <html> tag can be entered into an HTML field via any background process.

Steps to Reproduce

1. Create an HTML field (e.g. u_htmlfield) on the incident table (or on any table) and add the new field to the Activity Stream
2. Go to 'Scripts - Background' and run the following script
    // Load an existing incident; replace <sys_id> with the record's sys_id
    var gr = new GlideRecord('incident');
    gr.get('<sys_id>');
    // Write a full HTML document wrapper into the HTML field
    gr.u_htmlfield = '<html>\r\nteststring\r\n<\/html>';
    gr.update();
3. Go to the updated record to see 'teststring' in the HTML field and the update in the Activity Stream
4. Save the record without modification

Actual behavior:
'teststring' can still be seen in the HTML field, and there is another update in the Activity Stream, i.e.
htmlfield
teststring

was
teststring

Expected behavior:
No update in activity stream

Workaround

The standard behavior of our HTML editor removes <html> tags from HTML content. This is not currently configurable in the HTML sanitization config.

Business rules and background scripts should not write <html> tags into HTML fields, or any other field that is blacklisted in the HTML sanitizer, otherwise those values will be stripped out next time the form is saved. Stick to creating snippets of HTML in HTML fields rather than trying to create entire HTML documents.
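
One way to apply this workaround in a script, shown as an added example that is not part of the original article or the platform's own code: strip <html> tags from a value before writing it to an HTML field. The helper names and the in-memory stub record are hypothetical, and trimming the leftover whitespace is this example's choice, not documented editor behavior.

```javascript
// Added example, written ES5-style so it also pastes into a server-side script.
// Only <html> is named in the article; any other tag listed here is your own addition.
var STRIPPED_TAGS = ['html'];

// Matches opening and closing forms, with attributes: <html>, <HTML lang="en">, </html >
function strippedTagPattern(tags) {
  return new RegExp('<\\/?(?:' + tags.join('|') + ')(?:\\s[^>]*)?>', 'gi');
}

// Remove the listed tags and keep their content. Repeats until stable so a
// fragment like "<ht<html>ml>" cannot reassemble into a tag after one pass.
function toHtmlSnippet(value, tags) {
  var out = String(value), prev;
  do {
    prev = out;
    out = out.replace(strippedTagPattern(tags || STRIPPED_TAGS), '');
  } while (out !== prev);
  return out.trim(); // trimming is an assumption of this example
}

// Write the snippet to an HTML field and skip update() when the stored value
// is already identical. `gr` needs getValue/setValue/update, as GlideRecord has.
function setHtmlField(gr, field, value) {
  var snippet = toHtmlSnippet(value);
  if (gr.getValue(field) === snippet) { return false; }
  gr.setValue(field, snippet);
  gr.update();
  return true;
}

// Constructed in-memory stand-in for a record, so the example runs off-platform.
function makeStubRecord() {
  var data = {}, updates = 0;
  return {
    getValue: function (f) { return data.hasOwnProperty(f) ? data[f] : null; },
    setValue: function (f, v) { data[f] = v; },
    update: function () { updates += 1; },
    updateCount: function () { return updates; }
  };
}
```

This normalizes values your own scripts generate; it is not a replacement for the HTML sanitizer on untrusted input.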


Related Problem: PRB1352581

Article Information

Last Updated: 2019-10-01 14:16:17
Published: 2019-10-01