This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

<@U856E2SEA> I'm trying to do something sort of risky (in sandbox). I want to select `&lt;script&gt;nlapisubmitfield(...)&lt;/script&gt;`  . Is this doable in your suitelet?

So if you select `'&lt;b&gt;' || transaction.id || '&lt;b&gt;'`, it renders the html. Can you render script tags?

I have to look into it more how it renders it. So far it isn't working.

That's technically an XSS attack. NetSuite used to be really poor in protecting against those but recently has plugged the major holes.

If you want a quick and dirty mass update like that, I'd select the 'nlapiSubmitFields's and then paste them into the browser console to actually run. You will probably get through a couple hundred before you run out of governance and need to refresh the page

I guess that technically it can be seen as an XSS attack, except that it lacks anything that could be seen as malicious. Regardless, I don't think I'd use this approach to update data.