The below locations are those where Script Attack Protection is applied (when the protection is enabled). Entering non-whitelisted code into any of these areas will not be stored. These tags and attributes (whitelist) are still allowed in the below protected locations.
| Protected Builder Areas (on all apps, regardless of security setting) | |
| Account | Name |
| Slug | |
| Object | Name |
| Field | Name |
| Default values | |
| Formatting | |
| Page (scene) | Name |
| View | Name |
| Title | |
| Description | |
| Label | |
| "Reload Form" text | |
| "Submit" button text | |
| "No Data" text | |
| Links | |
| Groups | |
| Columns | |
| Field inputs | |
The following areas are protected when this setting is enabled:
- All field values
- On import, all imported field values
Note: Rich Text views continue to allow scripts when this setting is enabled.