Forum Discussion
hhersch
Qrew Captain
Hi Jake. I'll jump in here as the person driving our multi-year UI refresh journey. Our priority as a platform is time-to-value, not necessarily pixel perfect control.
We have done significant research on this in the past 12 months. Many of our partners and customers have been involved in this. Arbitrary code in a place it wasn't intended in any software system is considered a security vulnerability. As a software platform that serves thousands of enterprise customers with rigorous security controls, security and supportability has to take precedence. In the case of Quick Base, the intended place for JavaScript code has always been code pages.
Without getting too far into the weeds, there are numerous conflicts that arise with unsupported code on any page, since we cannot regression test for it. As we are significantly investing in our interface, this only increases the likelihood issues will appear which we have no way to support. Even if an administrator approves it, there is still a support and maintenance challenge and things can break without notice.
Long term, we absolutely understand the value in extending the platform and have a detailed strategy in place to allow for further customization and power. That won't all be in the way of JavaScript though. Adding native capabilities, such as those to our formula engine, are going to reduce the need for the unsupported and supported code, getting you to the ideal experience faster.
Finally, we have an extensibility strategy we are building towards which will allow safe and intended extension points. For example in our new dashboards, we are exploring allowing builders to insert a custom code page to be inserted and receive filter events so that a custom chart or report can feel native to the end user. And in our new forms, iFrames will absolutely be supported. We just need to carefully keep the plates spinning between short term, long term, usability, supportability and security.
Hope this helps.
------------------------------
Harrison Hersch
Director of Product Operations
------------------------------
We have done significant research on this in the past 12 months. Many of our partners and customers have been involved in this. Arbitrary code in a place it wasn't intended in any software system is considered a security vulnerability. As a software platform that serves thousands of enterprise customers with rigorous security controls, security and supportability has to take precedence. In the case of Quick Base, the intended place for JavaScript code has always been code pages.
Without getting too far into the weeds, there are numerous conflicts that arise with unsupported code on any page, since we cannot regression test for it. As we are significantly investing in our interface, this only increases the likelihood issues will appear which we have no way to support. Even if an administrator approves it, there is still a support and maintenance challenge and things can break without notice.
Long term, we absolutely understand the value in extending the platform and have a detailed strategy in place to allow for further customization and power. That won't all be in the way of JavaScript though. Adding native capabilities, such as those to our formula engine, are going to reduce the need for the unsupported and supported code, getting you to the ideal experience faster.
Finally, we have an extensibility strategy we are building towards which will allow safe and intended extension points. For example in our new dashboards, we are exploring allowing builders to insert a custom code page to be inserted and receive filter events so that a custom chart or report can feel native to the end user. And in our new forms, iFrames will absolutely be supported. We just need to carefully keep the plates spinning between short term, long term, usability, supportability and security.
Hope this helps.
------------------------------
Harrison Hersch
Director of Product Operations
------------------------------
JakeRattner1
4 years agoQrew Cadet
Hi Harrison,
Yes, that's very helpful and detailed. Really appreciate the response.
To hear that iFrames will still be supported in the new form is a huge relief.
I've also heard that, for old fields with JS, you will still be able to keep your JS. Is that true? If yes, it sounds like eventually, those will not be supported either, but that would come later. Is that accurate?
Thanks!
Jake
------------------------------
Jake R
------------------------------
- IvanWeiss4 years agoQrew CaptainSorry this post took a direction I really did not intend! However, let me provide my 2cents on all of this. I joined quick base about 1 1/2 years ago representing a company sized of about 40 employees. We dont have a development team.... I am the COO and computer savvy with an interest in programming but little formal training.....
Quick base out of the box is fantastic but has limitations. People are using javascript to solve problems. I know that when clients use outside tools to solve problems in my industry it means I have some gaps..... The answer should not be to eliminate that functionality without providing the resources to solve those problems. I certainly hope that you are going to provide a way to solve for these challenges first.
As to support..... I had not honestly thought of such an elementary idea of just copying the button and creating multiple fields to use. I know it sounds silly... But I did reach out on community and this was the advice received..... After reaching quick base support.
I cannot tell you how many times I am told go to a partner which for a smaller business does not work. I am already spending a lot of money on quick base, so the support needs to be thorough enough to provide solutions....
As to my specific problem I will certainly go the multiple field route as it is simple enough to implement to fix my issue..... But I really think you have a bigger issue here.... A casual mention in the community of preventing future javascript is not a very good communication plan....I apologize to call that out, but that is really not the right place for such an announcement.
I love quick base, since joining I am a huge fan.... But I think you have uncovered some issues here on a few fronts I really hope will be taken seriously.... Harrison or anyone if any need to discuss further offline feel free to reach out (iweiss@elitestudioe.com) but I do really hope this is going to be handled well as it is going to create a bit issue in a number of ways.
I understand, like everyone does, that javascript is not officially supported..... But there is a reason it is there.... And more importantly best be really careful how this is all communicated and what options are going to be available in lieu of the most common javascript uses.
For example, I have no idea how to even implement javscript in a code page for our use.... So maybe need some training on that too.
------------------------------
Ivan Weiss
------------------------------ - hhersch4 years agoQrew CaptainWe have a very intentional and thorough communication plan coming on this so stay tuned. But in short, we are not intentionally breaking anything existing. There has always been the risk of those things breaking (and they do regularly actually).
------------------------------
Harrison Hersch
Director of Product Operations
------------------------------ - BrianCafferelli4 years agoQrew CaptainHi Ivan,
No worries at all and thank you for the great conversation! It's so important for us to have this open dialogue. I just wanted to respond once more to kind of wrap things up for now. While partners are an important part of our community, it should not be necessary to work with a partner to create common types of buttons in Quick Base. If it appears that way, there may either be a misunderstanding or we may want to evaluate that situation, to see how adding a new feature there might benefit all users. The more pieces of your app you build using native QB features rather than JS code you may not be very familiar with, puts more control in your hands to customize and extend your app. The idea of copying a formula field I shared above is just one example, and we we've observed many reaching for javascript quickly to accomplish something in Quick Base where there may be other options.
We've shared some detail about why we're making the javascipt change later this year, as well as some info on how to address the workflow issue from the opening post without using javascript. So I would encourage folks interested to read this thread from the beginning, and to add your own thoughts.
For more information about these javascript changes, keep an eye out for an official announcement post from us in the coming months. My apologies for the slightly premature announcement here, and anyone should feel free to email me at bcafferelli@quickbase.com if you'd like to follow up offline.
------------------------------
Brian Cafferelli
Product Marketing Manager | Quick Base
------------------------------