31. XSS Prevention Property

Import · May 26, 2024 · article

Cross-Site Scripting (XSS) is a security vulnerability that can occur in web applications and allows an attacker to inject malicious code into a web page that is viewed by other users. This can result in sensitive information being stolen, or malicious actions being performed by the attacker on behalf of the victim.

ServiceNow provides a platform for IT service management and digital workflow solutions. To prevent XSS attacks, ServiceNow has a system property called **glide.html.escape_script**, which can be set to true to enforce JavaScript escaping in HTML fields during list views.

Here’s an example of how this property works:

| Setting | Result |
| --- | --- |
| **glide.html.escape_script** = false | A malicious attacker can insert JavaScript code into an HTML field by embedding it within `<script></script>` tags. This code will execute when a user views the table record, potentially compromising their session information and sensitive data. |
| **glide.html.escape_script** = true | The JavaScript code within the `<script></script>` tags is escaped, and the malicious code is not executed. This helps to prevent XSS attacks and keep the user's data safe. |
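To make the difference between the two settings concrete, here is a small added model in JavaScript. It is not ServiceNow's own code: the property name is real, but `escapeHtml`, `renderListCell` and the sample field value are assumptions constructed for this illustration. It renders the same stored HTML field value into a list cell with escaping off and on, and then checks whether the resulting markup still carries an executable `<script>` element.

```javascript
// Added illustration (not ServiceNow platform code): models how an HTML field
// value reaches a list view under the two values of glide.html.escape_script.
// escapeHtml, renderListCell and the sample value are assumptions for the example.

// Escape the characters HTML treats specially so the value is shown as text.
// '&' is handled first so already-escaped sequences are not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Render a stored field value into a list cell. `escapeScript` plays the role
// of the glide.html.escape_script system property (true = escape, false = raw).
function renderListCell(fieldValue, escapeScript) {
  const content = escapeScript ? escapeHtml(fieldValue) : fieldValue;
  return `<td>${content}</td>`;
}

// Defender-side check: does the rendered markup still contain a live <script>
// element that a browser would execute?
function containsScriptElement(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Constructed sample value: an HTML field whose stored content includes a script block.
const sampleFieldValue = 'Hello <script>alert("xss")</script> world';

// Render the sample both ways and report whether a script element survived.
function demo() {
  const unsafe = renderListCell(sampleFieldValue, false);
  const safe = renderListCell(sampleFieldValue, true);
  return {
    unsafe,
    safe,
    unsafeHasScript: containsScriptElement(unsafe), // true: script reaches the browser
    safeHasScript: containsScriptElement(safe),     // false: shown as inert text
  };
}

console.log(demo());
```

With escaping off, the cell contains the script element verbatim and the browser will run it; with escaping on, the same content is rendered as the literal text `&lt;script&gt;...`, which the browser displays but never executes. On a real instance, the current value of the property can be read from a server-side script with `gs.getProperty('glide.html.escape_script')` (the GlideSystem API), which is a quick way to confirm the setting is actually in effect.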

In conclusion, it’s important to be aware of the security risks associated with XSS attacks and to take measures to prevent them. Setting the **glide.html.escape_script** property to true in ServiceNow is one step in the right direction to secure your web application and keep your users' data safe.

View original source

https://medium.com/@LearnITbyPrashant/31-xss-prevention-property-89eae3b27008?source=rss-d005fc598f0a------2