Pages

Saturday, 21 June 2014

JavaScript in Salesforce Home Page Components

(alternatively Don't say I didn't warn you, or I've been expecting you, Mr Bond)

 
While poring over the Summer 14 release notes in preparation for the next BrightGen Salesforce Release Webinar, I came across a new feature that I've been expecting for some time - the new Rich Text Editor for HTML Home Page Components. While this may not sound like a big deal, the purpose of this editor is to stop unsupported markup (which we all know means JavaScript) being embedded in home page components, which will specifically impact sidebar components that manipulate the DOM of the main Salesforce page.  This technique has often been used in the past to inject additional behaviour in standard view or edit pages, removing buttons based on attributes of the record for example, or injecting additional logic into the standard save process.
 
So the deal is now sounding bigger, but there's still hope -  existing components will still be able to use the original editor and thus continue to maintain unsupported markup. However, the door is then slammed firmly shut with the statement "Existing HTML home page components with unsupported markup will continue to work until Summer ’15” (italics mine). The recommendation is to use the new Visualforce component, as this will allow markup that is not supported by the HTML editor (as you can use JavaScript quite happily in Visualforce pages). However, as Visualforce pages originate from a different server to regular Salesforce pages, they won't be able to access the standard page DOM due to the browser's same origin policy, so it appears the days of cheeky JavaScript in the sidebar to hack the main page are numbered.
 
Here's where I allow myself a smug moment - this mechanism has always seemed to me like a loophole that would be closed at some point time, so I've been a constant advocate of not using it. Whenever a customer has asked for this, I've asked them to confirm in writing they are happy for us to expend time and effort (and therefore their money) building something that may break at any time in the future and that we may not be able to fix, ever.  Unsurprisingly there has been no takeup of this.
 
Now I realise that this post is painting a picture of doom and gloom, but I don’t think its all bad news.  Given that the hacks will continue to work until the Summer '15 release suggests to me that there’s something to at least particually replace them coming in a future release.  Knowing Salesforce as I do, I’d expect it to allow enhancements/additions to the standard page without the total hijacking that is currently possible.
 

10 comments:

  1. Oh dear you make me smile n cry at same time :) great feature to add but to disable existing ones without an option seems improper.

    ReplyDelete
  2. If Salesforce doesn't come up with some alternative in future, Its big challenge.

    ReplyDelete
  3. I'd agree, if there will be no proper replacement for this it would become challenge... anyway, let's wait and see.

    ReplyDelete
  4. I had a good chat about this with Sarah from the AppExchange security review team at the summit... definitely been a long time coming but it shouldn't surprise anybody. This was always going to get shut off at some point, and I don't the use of Javascript to manipulate the standard UI will ever be endorsed.

    ReplyDelete
  5. Hi Bob,
    Is this applicable to the standard "Messages & Alerts" coomponent also ? In that component also we can embed javascript.

    ReplyDelete
  6. Had to have a wry smile at your last comment, Bob. Maybe you don't know them so well. As Salesforce hasn't put forward anything yet.....winter 16 (winter 2015 to normal people!) and home page component javascript is dead.

    ReplyDelete
    Replies
    1. Lightning Experience will allow this, but not for a release or two unfortunately.

      Delete
    2. Any news on that? I studied lightning. All I want to do is say when a user enters 10% as a "down payment". When that field looses focus (clicks away or selects another field), I want to automatically populate the field "down payment amout" by a simple formula(10/100*sales price). How would I go about doing that?

      Delete
    3. Anyone reached a solution for this?? :@ :'(

      Delete
  7. Hello there, anyone have solution for this JS problem?

    ReplyDelete