HTML Tags Appear in the Help Text Field on Service Catalog Variables When "glide.ui.escape_text" is Set to True




HTML tags appear in the Help Text field on variables in service catalog items.


Istanbul and Later


System property "glide.ui.escape_text" is set to true.


This issue was originally reported as a problem - PRB663858. However Development has stated that "glide.ui.escape_text" should be set to true always as it protects against XSS vulnerabilities.
The "glide.ui.escape_text" property renders the HTML content in the Help Text and Help Tag fields only when set to false (which we do not recommend), otherwise the field treats the HTML as plain text. 
If users want to utilize HTML then the OOB Instructions field should be used rather than the Help Text and Help Tag fields. The Instructions field allows for HTML formatting and will display the text without tags. Users can paste HTML text into the Source Code section in the editor. 
Here is an example when "glide.ui.escape_text" is set to true and <p> Hello </p> is placed in the Help Text and Instruction fields:

Additional Information

PRB663858 -

KB0562895 -

Product Documentation for the Instructions Field -