HtmlSanitize

Removes any embedded HTML code and tags that could be used to inject malicious code into a web page. However, this function does not remove tags that do simple text formatting such as bolding and italicizing text. The purpose of this function is to allow the application to display formatted HTML without allowing malicious content.

Syntax

HtmlSanitize(text)

Enabled For

For a description of the business object categories, see Notes on "Enabled For".

Business Object Category Yes/No
Business Rules: Before-Save Rules Yes
Business Rules: Calculation Rules (After Save, with or without Also Recalculate on Load) Yes
Business Rules: Calculation Rules (Before Save or Always, without Also Recalculate On Load) Yes
Business Rules: Calculation Rules (Before Save or Always, with Recalculate On Load) Yes
Business Rules: Editing Rules Yes
Business Rules: Initialization Rules Yes
Business Rules: Read Only Rules Yes
Business Rules: Required Rules Yes
Business Rules: Validation Rules Yes
Client Expressions Yes
Object Permissions No
Services Yes
LDAP Yes
Mobile Yes
Quick Actions (except UI Quick Actions) Yes
UI Quick Actions Yes
Reports Yes
Search/Dashboard without field references Yes
Search/Dashboard with field references No

Parameters

Parameter Description
text The text to sanitize.

Return Value

Unicode text value.

Example

$(HtmlSanitize("<b>Use this sample code to fix the issue</b> <a href='' onmouseover='alert(/executed js/)' >Link</a>"))

The example above removes the script ('alert(/executed js/)' ) and results in a text field that says this:

<b>Use this sample code to fix the issue</b> <a href='' onmouseover=''>Link</a>