Block Execution of JavaScript in the HYPERLINK Function (Critical Update)
Previously, you could use JavaScript to prepare the URL argument in
a HYPERLINK function. However, this approach introduces a security vulnerability because
JavaScript can include cross-site scripting and make the URL execute on behalf of users. This
critical update blocks the execution of JavaScript used to specify a URL in the HYPERLINK
function.
| Available in: Personal, Group, Professional, Enterprise, Performance, Unlimited, Developer, Contact Manager, and Database.com Editions |
Before activating this update, we recommend that you review the use of JavaScript in
HYPERLINK functions in your Salesforce org and begin migration toward alternative solutions.
Here are some possible workarounds.
- Custom button or link to execute onClick JavaScript. See Custom Buttons or Links. Supported in Salesforce Classic only.
- Lightning Experience Quick Action button. Create JavaScript in a Lightning Experience component executed through a Quick Action button. Supported in Lightning Experience only.
- Custom Visualforce page with an Apex controller to redirect to the correct URL. Take this approach if you can execute client-side conditional logic to redirect the user to where you want. Create an empty Visualforce page and an Apex controller. Pass the required values from the link to the controller. Then execute the logic to determine the URL in the controller method, to perform the redirect.
For information on how to locate formula fields impacted by the CRUC, see Using Apex Code in Workbench to Find JavaScript.