HTML field removes tag automatically


If any HTML field includes <html> tag, saving the form automatically removes the <html> tag from the field.

If that HTML field is audited, the activity stream shows a change in the field even though there is no visual change.

A value with the <html> tag can be entered into HTML field via any background process.

Steps to Reproduce

1. Create an HTML field(i.e. u_htmlfield) on incident table(or on any table) and add the new field to Activity Stream
2. Go to 'Scripts - Background' and run the following script
var gr = new GlideRecord('incident');
gr.u_htmlfield = '<html>\r\nteststring\r\n<\/html>';
3. Go to the updated record to see 'teststring' in the HTML field and the update in Activity Stream
4. Save the record without modification

Actual behavior:
'teststring' still be seen in HTML field, and there is another update in the Activity Stream. i.e.


Expected behavior:
No update in activity stream


The standard behavior of our HTML editor removes <html> tags from HTML content. This is not currently configurable in the HTML sanitization configuration.

Business rules and background scripts should not write <html> tags into HTML fields, or any other field that is excluded in the HTML sanitizer, otherwise, those values will be stripped out next time the form is saved. Preferably, create snippets of HTML in HTML fields rather than trying to create entire HTML documents.

Related Problem: PRB1352581