NetSuite – Exploiting formula columns in saved searches – Protect string formulas from corruption and injection attacks

In a string formula field, some values may contain substrings that the browser would treat as HTML. Unless that is intentional, protect the values from corruption by escaping them. Escaping also guards against injection attacks: HTML that someone enters into a comment field on a web order is shown as text instead of being interpreted later on the desk of the customer service rep.

htf.escape_sc( expression )
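What that escaping does to a field value before the browser sees it, as an added example that is not part of the original page or NetSuite's own code. It is a JavaScript stand-in for the four substitutions Oracle documents for htf.escape_sc (`&`, `"`, `<`, `>`); the function names, the `{memo}` field in the comment and the sample comments are assumptions made for illustration.

```javascript
// Added example: JavaScript stand-in for the substitutions documented for
// Oracle's htf.escape_sc. escapeSc and renderCell are hypothetical names.
const ESCAPES = { '&': '&amp;', '"': '&quot;', '<': '&lt;', '>': '&gt;' };

// One pass over the string, so an '&' produced by a substitution is never
// escaped a second time within the same call.
function escapeSc(value) {
  if (value === null || value === undefined) return ''; // NULL concatenates as empty
  return String(value).replace(/[&"<>]/g, (ch) => ESCAPES[ch]);
}

// Mirrors a formula such as  '<b>' || htf.escape_sc({memo}) || '</b>'
// ({memo} is an assumed field): markup written by the formula author stays
// live, markup arriving inside the field value is displayed as text.
function renderCell(comment) {
  return '<b>' + escapeSc(comment) + '</b>';
}

// Constructed sample values for a web-order comment field.
const samples = [
  'Please gift wrap',
  'Size < 10 & colour "red"',
  '<h1>URGENT</h1><a href="https://example.invalid/">click</a>',
  "it's fine",            // apostrophes are not among the four characters
  'already &lt; escaped', // escaping a second time shows the entity literally
];

for (const s of samples) {
  console.log(renderCell(s));
}
```

Because the apostrophe is left untouched, an escaped value is safe as element text or inside a double-quoted attribute, but not inside a single-quoted attribute.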
