Client scripts

  • Release version: Yokohama
  • Updated May 18, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Client scripts

    Client scripts in ServiceNow enable the execution of JavaScript within the user's web browser to respond to client-side events such as form loading, field value changes, and form submission. These scripts enhance the user experience by dynamically configuring forms and fields in real time during user interaction.

    Show full answer Show less

    They are used to:

    • Show or hide fields
    • Make fields read-only or writable
    • Set fields as mandatory or optional based on user roles
    • Set field values based on other fields
    • Modify choice list options according to user roles
    • Display messages based on field values

    Important: Client scripts optimize form behavior but do not secure data access. To protect sensitive data, use Access Control Lists (ACLs) or data policies.

    Where Client Scripts Run

    Client scripts generally run on forms and search pages. They do not apply to list editing except for the onCellEdit() type, which applies to list editors. For controlling field values on lists, consider using ACLs, business rules, data policies, or onCellEdit() client scripts. Client scripts are not supported in ServiceNow mobile applications.

    Client Script Types and Their Usage

    • onLoad(): Runs when the form is first rendered, before user input. Used for setting default values or manipulating the form.
    • onSubmit(): Runs during form submission to validate data; can cancel submission by returning false.
    • onChange(): Runs when a specific field value changes, with parameters to track the control, old and new values, and loading states.
    • onCellEdit(): Runs when a list cell is edited, with parameters for sysIDs, table, old and new values, and a callback to control script execution flow.

    Key Configuration Fields

    • Name: Identifier for the client script.
    • Table: The database table the script applies to.
    • UI Type: Defines the interface scope (Desktop, Mobile/Service Portal, or All).
    • Field Name: Specifies the field for onChange or onCellEdit scripts.
    • Application: The application containing the script.
    • Active: Enables or disables the script.
    • Inherited: Indicates if the script applies to extended tables.
    • Global/View: Controls script visibility across all views or specific views.
    • Description: Explanation of the script’s purpose and behavior.
    • Messages: Localized strings accessible within the script.
    • Script: The JavaScript code executed on the client side.
    • Isolate script: Controls strict mode to restrict DOM and global object access for security and stability.

    Best Practices and Considerations

    Because client scripts do not enforce data security, always complement them with ACLs or data policies to control access to sensitive information. Use client scripts to improve user interaction and validation on forms but rely on server-side controls for security and comprehensive validation.

    Strict mode is enabled by default to improve security by restricting direct DOM and global object access. You can disable strict mode per script or globally via system properties if needed.

    Client scripts allow the system to run JavaScript on the client (web browser) when client-based events occur, such as when a form loads, after form submission, or when a field changes value.

    Use client scripts to configure forms, form fields, and field values while the user is using the form. Client scripts can:

    • make fields hidden or visible
    • make fields read only or writable
    • make fields optional or mandatory based on the user's role
    • set the value in one field based on the value in other fields
    • modify the options in a choice list based on a user's role
    • display messages based on a value in a field
    Warning:

    Client scripts are intended to optimize the user experience on a form. Client scripts are not meant to protect unwanted access to data.

    To prevent unwanted access to data, ensure that sensitive fields are hidden or read-only through ACLs or data policies.

    For more information, see Access Control List Rules or Data policy.

    Where client scripts run

    With the exception of onCellEdit() client scripts, client scripts only apply to forms and search pages. If you create a client script to control field values on a form, you must use one of these other methods to control field values when on a list.
    • Create an access control to restrict who can edit field values.
    • Create a business rule to validate content.
    • Create a data policy to validate content.
    • Create an onCellEdit() client script to validate content.
    • Disable list editing for the table.
    Note:
    Client scripts are not supported on ServiceNow mobile applications.

    Client script form

    Field Description
    Name Name of the client script.
    Table Table to which the client script applies.
    UI Type Target user interface to which the client script applies.
    • Desktop: The script runs only in the desktop Core UI.
    • Mobile / Service Portal: The script runs only in mobile, portal, or configurable workspace UIs.
    • All: The script executes across all available UIs.
    Type

    onLoad() — runs when the system first renders the form and before users can enter data. Typically, onLoad() client scripts perform client-side-manipulation of the current form or set default record values.

    onSubmit() — runs when a form is submitted. Typically, onSubmit() scripts validate things on the form and ensure that the submission makes sense. An onSubmit() client script can cancel form submission by returning a value of false.

    onChange() — runs when a particular field value changes on the form. The onChange() client script must specify these parameters.
    • control: the DHTML widget whose value changed.
      Note:
      control is not accessible in mobile and service portal.
    • oldValue: the value the widget had when the record was loaded.
      Note:
      Old values aren't returned for the HTML field type.
    • newValue: the value the widget has after the change.
    • isLoading: identifies whether the change occurs as part of a form load.
    • isTemplate: identifies whether the change occurs as part of a template load.
    onCellEdit() — runs when the list editor changes a cell value. The onCellEdit() client script must specify these parameters.
    • sysIDs: an array of the sys_ids for all items being edited.
    • table: the table of the items being edited.
    • oldValues: the old values of the cells being edited.
    • newValue: the new value for the cells being edited.
    • callback: a callback that continues the execution of any other related cell edit scripts. If true is passed as a parameter, the other scripts are executed or the change is committed if there are no more scripts. If false is passed as a parameter, any further scripts are not executed and the change is not committed.
    Field Name Name of the field to which the script applies. Available only if the script responds to a field value change (onChange or onCellEdit script types).
    Application Application where this client script resides.
    Active Enables the client script when selected. Unselect this field to disable the client script.
    Inherited Indicates whether the client script applies to extended tables.
    Global If true, the client script runs on all views of the table.
    View Only visible when Global is unselected. Views on which the client script will run.
    Description Content describing the functionality and purpose of the client script.
    Messages Text string (one per line) available to the client script as localized messages using getmessage('[message]'). For additional information, see Translate a client script message.
    Script Contains the client script.
    Isolate script New client scripts are run in strict mode, in which direct DOM access is turned off. Access to jQuery, prototype, and the window object are also turned off by default. To enable DOM access on a per-script basis, leave the Isolate script option cleared. To turn off strict mode for all new globally scoped client scripts, set the glide.script.block.client.globals system property to false.