Dave Slusher


Along with the London release come new APIs that developers can use. Here are a few of particular interest to ServiceNow developers. The full list is available here.

I have previously posted about starting Flows and Subflows with the startAsync() method, so if you want more detail check that out here.

Glide Security Utils

There is a new API called GlideSecurityUtils. This is used for cleaning input and preventing things like script injection and cross-site scripting attacks. You have a few methods to use.

One is cleanURL(String), which takes in text and removes anything problematic.

// The colon is percent-encoded (%3A), so this decodes to a javascript: URL
var myurl = 'javascript%3Aalert(1)';
var clean = GlideSecurityUtils.cleanURL(myurl);
gs.info(clean);

This would return the empty string after removing the javascript. Alternately, you can keep it but escape the elements by using escapeScript(String).

var theScript = "<script> alert(1)</script>";
var escapedScript = GlideSecurityUtils.escapeScript(theScript);
gs.info(escapedScript);

This would return the original text with the brackets escaped: “&lt;script&gt; alert(1)&lt;/script&gt;”
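Why the encoded colon in the cleanURL(String) input matters, as an added stand-alone JavaScript example (runnable in Node). It is not ServiceNow's implementation and not code from the original post; the allow-list and the names naiveIsSafe, fullyDecode and cleanUrlSketch are assumptions made for illustration.

```javascript
// Added illustration: NOT ServiceNow's implementation of cleanURL().
// ALLOWED_SCHEMES and all function names here are assumptions.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Weak check: inspects the literal text, so an encoded colon slips past it.
function naiveIsSafe(url) {
  return !url.toLowerCase().startsWith('javascript:');
}

// Percent-decode until the text stops changing (bounded), so a value that
// was encoded twice is reduced to its final form before inspection.
function fullyDecode(text, maxRounds = 5) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return null; // malformed percent-encoding: fail closed
    }
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxRounds: fail closed
}

// Returns the URL unchanged when it is relative or uses an allowed scheme,
// otherwise the empty string (the result the post shows for cleanURL).
function cleanUrlSketch(url) {
  const decoded = fullyDecode(String(url));
  if (decoded === null) return '';
  // Drop whitespace and control characters before reading the scheme.
  const compact = decoded.replace(/[\u0000-\u0020\u007f]/g, '');
  const match = /^([a-z][a-z0-9+.\-]*):/i.exec(compact);
  if (!match) return url; // no scheme: treat as a relative reference
  return ALLOWED_SCHEMES.has(match[1].toLowerCase()) ? url : '';
}

// Constructed sample inputs; the first is the value used in the post.
for (const u of ['javascript%3Aalert(1)', 'https://example.com/a%20b']) {
  console.log(JSON.stringify(u), 'naive:', naiveIsSafe(u),
              'sketch:', JSON.stringify(cleanUrlSketch(u)));
}
```

The literal-text check accepts the post's sample value, while the decode-then-allow-list version rejects it and leaves ordinary links untouched.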

GlideStringUtil

Another new API is the GlideStringUtil class. It has a lot of handy methods to do common transformations such as dotToUnderBar(String) and normalizeWhitespace(String), both of which I have done something similar to with a series of regular expressions. I am happy to no longer maintain that code and let it exist in the system.

There is getNumeric(String), which will take an input string and strip out everything but the numeric characters.

var mystring = '123 test 456 String 789 cleaning';
var onlyNumeric = GlideStringUtil.getNumeric(mystring);
gs.info(onlyNumeric);

This will return the value “123456789”. Note that this is very much only numeric characters. For example, the code

var mystring = 'The total is $71.45, due now.';
var onlyNumeric = GlideStringUtil.getNumeric(mystring);
gs.info(onlyNumeric);

returns “7145” without the decimal point, so be aware of that.

There are also a variety of escaping and unescaping methods:

escapeAllQuotes(String)
escapeForHomePage(String)
escapeHTML(String)
escapeNonPrintable(String)
escapeTicks(String)
newLinesToBreaks(String)
unescapeHTML(String)

In addition, there are some validation methods such as:

isBase64(String)
isEligibleSysID(String)

GlideXMLUtil

There is another handy new utility class, GlideXMLUtil. This has two methods presently to aid in dealing with XML input and output.

removeInvalidChars(String) strips out breaking characters, such as some unprintable characters.

validateXML(String, Boolean, Boolean) returns a true/false answer as to whether a chunk of XML is valid. The first boolean is whether to be namespace aware, and the second is whether to be strict about whether the block is surrounded by <xml> tags.

Sentiment Analyser

An entirely new Scoped API class is the SentimentAnalyser. Once you have instantiated that object, you can call methods such as analyze(String) to receive a JSON object such as the following:

var sa = new sn_nlp_sentiment.SentimentAnalyser();
var result = sa.analyze("I am ok with this situation");

{"status": "Success",
"score": "0.7",
"normalizedScore": "0.7",
"connectorConfig": "10932aa773101300734e234ffff6a777",
"errorMessage": ""}

This object is telling you the results of the analysis. It succeeded, and the score is generally more positive than negative. The score can range from perfectly positive, which would be 1, to completely negative, which would be -1. It is possible to have different connector configurations and also to do analysis by language.

The Sentiment Analysis plugin (com.snc.sentiment_analysis) must be enabled to access the SentimentAnalyser API.

There are a lot of interesting APIs and methods in this release so I hope you will find something to make your work more productive and your codebase cleaner and simpler.

