Blog Post
@Joe Hargrave Firstly I do want to address your main question on if there is another way for you to accomplish all of your needs in a form right now. You are correct that the Javascript change does mean that there isn't another way right now to pull in iframes, videos, or PDFs directly on the form. There is work being done right now to look into a safer way to Iframe in content and to consider how we can improve forms (an example of which is live in our new Dashboard's beta) and feedback from users effected by the change is really important to highlight gaps we can look at. That is why when we reach the dates set in our plan we are locking down new javascript and editing but we aren't disabling them, giving admins more time to plan their changes and make them.
The heart of this change is that Javascript in the platform as it exists today presents a possible security concern to every account but another valuable part of the change is that right now our teams working on new features and functionality always run the risk of breaking existing Javascript in an app with no warning to that apps admins or users since we have limited insight into what they coded. A big component here is to communicate to every account that we are closing this down for security reasons but also to allow future innovation and give people time to transition off of techniques that leave their apps vulnerable to change and that frustration. As the use of javascript grew the concern here became bigger if we didn't make a clear communication and break to prevent people from building with methods that are risky both for their security but also for the future of their apps and unfortunately there is pain that is going to come out of this change but we want to do our best to listen to the feedback we get.
@Avinash Sikenpore In our current transition plan what is the biggest pain point for your use of javascript and QB? For example for save and redirects we are starting to release new options for redirecting a user and enhancing our native formulas to increase their reach and power like the enhancement coming in our March release that I pulled from our release notes below:
If you have other gaps you are concerned about we would definitely like to hear them.
The heart of this change is that Javascript in the platform as it exists today presents a possible security concern to every account but another valuable part of the change is that right now our teams working on new features and functionality always run the risk of breaking existing Javascript in an app with no warning to that apps admins or users since we have limited insight into what they coded. A big component here is to communicate to every account that we are closing this down for security reasons but also to allow future innovation and give people time to transition off of techniques that leave their apps vulnerable to change and that frustration. As the use of javascript grew the concern here became bigger if we didn't make a clear communication and break to prevent people from building with methods that are risky both for their security but also for the future of their apps and unfortunately there is pain that is going to come out of this change but we want to do our best to listen to the feedback we get.
@Avinash Sikenpore In our current transition plan what is the biggest pain point for your use of javascript and QB? For example for save and redirects we are starting to release new options for redirecting a user and enhancing our native formulas to increase their reach and power like the enhancement coming in our March release that I pulled from our release notes below:
Enhancements
Formula URL and rich text can now redirect to where a user started
Previously, builders had to pre-define a location for their formula buttons to redirect to, or first redirect to a custom code page. Starting in this release, a new URL pattern is available to redirect an end user to where they started. For example,
URLRoot() & "db/" & [_DBID_SUB_TASKS] & "?a=API_AddRecord"&"&rdr="&URLEncode( URLRoot()
& "db/" & Dbid() & "?a=doredirect&z=" & Rurl())
If you have other gaps you are concerned about we would definitely like to hear them.