Forum Discussion

hhersch's avatar
hhersch
Qrew Captain
4 years ago

Re: Rich Text Field Showing Javascript Code

Hi Jake. I'll jump in here as the person driving our multi-year UI refresh journey. Our priority as a platform is time-to-value, not necessarily pixel perfect control.

We have done significant research on this in the past 12 months. Many of our partners and customers have been involved in this. Arbitrary code in a place it wasn't intended in any software system is considered a security vulnerability. As a software platform that serves thousands of enterprise customers with rigorous security controls, security and supportability has to take precedence. In the case of Quick Base, the intended place for JavaScript code has always been code pages.

Without getting too far into the weeds, there are numerous conflicts that arise with unsupported code on any page, since we cannot regression test for it. As we are significantly investing in our interface, this only increases the likelihood issues will appear which we have no way to support. Even if an administrator approves it, there is still a support and maintenance challenge and things can break without notice.

Long term, we absolutely understand the value in extending the platform and have a detailed strategy in place to allow for further customization and power. That won't all be in the way of JavaScript though. Adding native capabilities, such as those to our formula engine, are going to reduce the need for the unsupported and supported code, getting you to the ideal experience faster.

Finally, we have an extensibility strategy we are building towards which will allow safe and intended extension points. For example in our new dashboards, we are exploring allowing builders to insert a custom code page to be inserted and receive filter events so that a custom chart or report can feel native to the end user. And in our new forms, iFrames will absolutely be supported. We just need to carefully keep the plates spinning between short term, long term, usability, supportability and security.

Hope this helps.


------------------------------
Harrison Hersch
Director of Product Operations
------------------------------

4 Replies

Sort By
  • JakeRattner1's avatar
    JakeRattner1
    Qrew Cadet
    4 years ago

    Hi Harrison, 

    Yes, that's very helpful and detailed.  Really appreciate the response.

    To hear that iFrames will still be supported in the new form is a huge relief.  

    I've also heard that, for old fields with JS, you will still be able to keep your JS.  Is that true?  If yes, it sounds like eventually, those will not be supported either, but that would come later.  Is that accurate?

    Thanks!
    Jake



    ------------------------------
    Jake R
    ------------------------------
    • hhersch's avatar
      hhersch
      Qrew Captain
      4 years ago
      We have a very intentional and thorough communication plan coming on this so stay tuned. But in short, we are not intentionally breaking anything existing. There has always been the risk of those things breaking (and they do regularly actually).

      ------------------------------
      Harrison Hersch
      Director of Product Operations
      ------------------------------
      • IvanWeiss's avatar
        IvanWeiss
        Qrew Captain
        4 years ago
        Sorry this post took a direction I really did not intend!  However, let me provide my 2cents on all of this.  I joined quick base about 1 1/2 years ago representing a company sized of about 40 employees.  We dont have a development team....  I am the COO and computer savvy with an interest in programming but little formal training.....

        Quick base out of the box is fantastic but has limitations.  People are using javascript to solve problems.  I know that when clients use outside tools to solve problems in my industry it means I have some gaps.....  The answer should not be to eliminate that functionality without providing the resources to solve those problems.  I certainly hope that you are going to provide a way to solve for these challenges first.

        As to support.....  I had not honestly thought of such an elementary idea of just copying the button and creating multiple fields to use.  I know it sounds silly...  But I did reach out on community and this was the advice received.....  After reaching quick base support.

        I cannot tell you how many times I am told go to a partner which for a smaller business does not work.  I am already spending a lot of money on quick base, so the support needs to be thorough enough to provide solutions....

        As to my specific problem I will certainly go the multiple field route as it is simple enough to implement to fix my issue.....  But I really think you have a bigger issue here....  A casual mention in the community of preventing future javascript is not a very good communication plan....I apologize to call that out, but that is really not the right place for such an announcement.  

        I love quick base, since joining I am a huge fan....  But I think you have uncovered some issues here on a few fronts I really hope will be taken seriously....  Harrison or anyone if any need to discuss further offline feel free to reach out (iweiss@elitestudioe.com) but I do really hope this is going to be handled well as it is going to create a bit issue in a number of ways.  

        I understand, like everyone does, that javascript is not officially supported.....  But there is a reason it is there....  And more importantly best be really careful how this is all communicated and what options are going to be available in lieu of the most common javascript uses.

        For example, I have no idea how to even implement javscript in a code page for our use....  So maybe need some training on that too.

        ------------------------------
        Ivan Weiss
        ------------------------------