During a hardening period with one of our customers I had to set some security properties to ‘true’ to harden the security of the platform. Setting some of these properties to ‘true’ did cause some issues, for example the glide.ui.escape_text property. While this property is set to ‘true’, HTML is shown as a literal string when a message (sys_ui_message) contains HTML or a script include returns HTML. This is not the expected result, so I have found two different solutions to this issue. To solve the messages issue, you can remove the HTML tags from the messages and place these tags in the corresponding macro, UI page or dynamic content (at the place where you’ll be showing the content).
Since we are showing a string instead of HTML, the second solution is to transform this string into HTML. First you will have to create two variables: one for (1) the HTML string value and one to (2) pass this value to. In this case, these are the hidden input field (1) “#ka_url” and the (2) “allKAItems” div. Set the innerHTML of the “allKAItems” variable equal to the variable you have made for “#ka_url”. innerHTML is important because it sets or returns the HTML content of an element. This solves the whole problem!
<g:evaluate var="jvar_ka">
new PortalFunctions().KAItems(10);
</g:evaluate>
<!-- Passing all the values into an input -->
<input type="hidden" id="ka_url" value="${jvar_ka}"/>
<!-- Within this div the value from "ka_url" should be shown -->
<div id="allKAItems"></div>
<script>
// gel() is the platform's shorthand for document.getElementById()
var knowledgeArticleUrls = gel('ka_url').value;
var returnHtml = gel('allKAItems');
// Parse the string from the hidden input as HTML inside the div
returnHtml.innerHTML = knowledgeArticleUrls;
</script>
// This is what we return from the Script Include called PortalFunctions (function KAItems)
// KAItems is the GlideRecord queried earlier in the function (query not shown)
var html = '<ul>';
while (KAItems.next())
{
html += '<li class="knowledge_item">';
html += '<a href="ka_view.do?sys_kb_id=' + KAItems.u_kb_article.sys_id + '" class="knowledge_link">';
html += KAItems.u_short_description;
html += '</a></li>';
}
// Close the list after the items, not before them
return html + '</ul>';
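Because innerHTML parses whatever string it is given, the short description concatenated in the KAItems function ends up interpreted as markup in the browser. The following added example (not the original post's code; plain JavaScript that runs outside the platform, with hypothetical names escapeHtml, isSysId and buildKaList and constructed sample rows) builds the same list while encoding the record data first.

```javascript
// Added example: builds the same <ul> markup as the KAItems function, but
// encodes record data first. Function names and sample rows are constructed.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, function (ch) {
    return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[ch];
  });
}

// ServiceNow sys_ids are 32 hexadecimal characters; anything else is skipped.
function isSysId(value) {
  return /^[0-9a-f]{32}$/i.test(String(value));
}

// items: array of { sysId, shortDescription } standing in for the GlideRecord loop.
function buildKaList(items) {
  var html = '<ul>';
  items.forEach(function (item) {
    if (!isSysId(item.sysId)) {
      return; // do not emit a link for a malformed id
    }
    html += '<li class="knowledge_item">';
    html += '<a href="ka_view.do?sys_kb_id=' + item.sysId + '" class="knowledge_link">';
    html += escapeHtml(item.shortDescription); // rendered as text, not markup
    html += '</a></li>';
  });
  return html + '</ul>';
}

// Constructed sample rows: one with markup in the description, one with a bad id.
var sampleItems = [
  { sysId: '0123456789abcdef0123456789abcdef', shortDescription: 'Reset <b>VPN</b> & "MFA" tokens' },
  { sysId: 'not-a-sys-id"', shortDescription: 'Skipped row' }
];

console.log(buildKaList(sampleItems));
```

The tags the script include itself writes still reach innerHTML as markup, while the record's short description arrives as text.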
I hope this was useful info! Please drop a comment if you would like more information!