0 Replies Latest reply on Jun 14, 2017 3:16 AM by Grégoire Michel

    Salesforce disabling JS in hyperlink formula fields. Is there an impact on MSI?

    Grégoire Michel

      Hi all,


      This is the message that we have received from SFDC:

      Trust is Salesforce’s #1 value and product security is a key aspect of Trust. Salesforce has identified the inclusion of JavaScript in hyperlink formula fields as a potential security vulnerability that can allow malicious code to be executed within an org. To protect you and your Salesforce environment, we are removing this vulnerability.

      Salesforce will block JavaScript execution in hyperlink formula fields via a phased approach. Salesforce defines these fields as custom hyperlink formula fields starting with the string "javascript:".

      As of the Spring '17 release, admins can no longer create new hyperlink formula fields containing JavaScript. Editing and saving existing fields containing JavaScript is also prevented unless the JavaScript is being removed.

      In the Summer '17 release, a Critical Update Console (CRUC) setting will be introduced, allowing admins to opt-in to blocking the execution of JavaScript in hyperlink formula fields by activating this setting.

      The phased approach will conclude with the Winter '18 release** when execution of JavaScript in hyperlink formula fields will be prevented.

      ** Currently targeted for October 2017; date subject to change.

      Will this have an impact on MSI? Should we upgrade MSI or expect a release to be installed shortly ?





      Mike Reynolds, can you help?