The style of a readonly HTML-type field's value gets applied to the whole form page


Description

If the HTML-type field is set to readonly (at dictionary level) and its value contains <body> tag , then the style of the <body> tag gets applied to the form's <body> tag.

Steps to Reproduce

1- Create/update an HTML-type field as readonly (i.e.: /sys_dictionary_list.do?sysparm_query=name%3Dkb_knowledge%5Eelement%3Dtext ).
2- Pick an existing record or create one (i.e. KB0000031: /nav_to.do?uri=kb_knowledge.do?sys_id=409de43187032100deddb882a2e3ecd9 ).
3- Go to System Definition > Scripts - Background. Modify accordingly and run the script below:
var gr = new GlideRecord('kb_knowledge');
gr.get('409de43187032100deddb882a2e3ecd9');
gr.text = '<!DOCTYPE html> <body style=\"background-color:rgb(69, 84, 100)\"> This is a text </body> ';
gr.update();
4- Go to the updated/created record. The form background color can be seen as rgb(69, 84, 100) instead of system-default.

Workaround

HTML fields should not be injected with any '<body style="...">' tags, they will not render properly. The TinyMCE editor for the html field does not allow this when a user edits the field directly, and can lead to unexpected results.

The resolutive practice is instead to remove the read-only setting from the dictionary level, and add a UI Policy in which the necessary field will be set as read-only.


Related Problem: PRB1301812