HtmlSanitize
Removes any embedded HTML code and tags that could be used to inject malicious code into a web page. However, this function does not remove tags that do simple text formatting such as bolding and italicizing text. The purpose of this function is to allow the application to display formatted HTML without allowing malicious content.
Syntax
HtmlSanitize(text)
Enabled For
For a description of the business object categories, see Notes on "Enabled For".
Business Object Category | Yes/No |
---|---|
Business Rules: Before-Save Rules | Yes |
Business Rules: Calculation Rules (After Save, with or without Also Recalculate on Load) | Yes |
Business Rules: Calculation Rules (Before Save or Always, without Also Recalculate On Load) | Yes |
Business Rules: Calculation Rules (Before Save or Always, with Recalculate On Load) | Yes |
Business Rules: Editing Rules | Yes |
Business Rules: Initialization Rules | Yes |
Business Rules: Read Only Rules | Yes |
Business Rules: Required Rules | Yes |
Business Rules: Validation Rules | Yes |
Client Expressions | Yes |
Object Permissions | No |
Services | Yes |
LDAP | Yes |
Mobile | Yes |
Quick Actions (except UI Quick Actions) | Yes |
UI Quick Actions | Yes |
Reports | Yes |
Search/Dashboard without field references | Yes |
Search/Dashboard with field references | No |
Parameters
Parameter | Description |
---|---|
text | The text to sanitize. |
Return Value
Unicode text value.
Example
$(HtmlSanitize("<b>Use this sample code to fix the issue</b> <a href='' onmouseover='alert(/executed js/)' >Link</a>"))
The example above removes the script ('alert(/executed js/)') from the onmouseover attribute and results in a text field that says this:
<b>Use this sample code to fix the issue</b> <a href='' onmouseover=''>Link</a>