The style of a readonly HTML-type field's value gets applied to the whole form page


If the HTML-type field is set to readonly (at dictionary level) and its value contains <body> tag , then the style of the <body> tag gets applied to the form's <body> tag.

Steps to Reproduce

1- Create/update an HTML-type field as readonly (i.e.: / ).
2- Pick an existing record or create one (i.e. KB0000031: / ).
3- Go to System Definition > Scripts - Background. Modify accordingly and run the script below:
var gr = new GlideRecord('kb_knowledge');
gr.text = '<!DOCTYPE html> <body style=\"background-color:rgb(69, 84, 100)\"> This is a text </body> ';
4- Go to the updated/created record. The form background color can be seen as rgb(69, 84, 100) instead of system-default.


HTML fields should not be injected with any '<body style="...">' tags, they will not render properly. The TinyMCE editor for the html field does not allow this when a user edits the field directly, and can lead to unexpected results.

The resolutive practice is instead to remove the read-only setting from the dictionary level, and add a UI Policy in which the necessary field will be set as read-only.

Related Problem: PRB1301812