JavaScript in HTML Attributes

For security reasons, we are discontinuing support for JavaScript in the HTML attributes of a database object. We are implementing this change over several releases.

Beginning with Version 20.9, Business Manager users aren’t allowed to embed JavaScript in HTML attributes. However, for a transition period, Business Manager users with strong authentication, such as through multifactor authentication with Account Manager, can embed JavaScript in HTML attributes. To authenticate users using multifactor authentication with Account Manager, enable Unified Authentication with Account Manager in Business Manager at Administration > Global Preferences > Security. Also, in Account Manager, assign the user’s account to a role that requires multifactor authentication.

A Business Manager user with strong authentication can also temporarily allow users without strong authentication to include JavaScript in HTML attributes. Go to Administration > Global Preferences > JavaScript in Attributes, and click Enable. For 1 hour, users without strong authentication can embed JavaScript in HTML attributes.

Important: Separate from the issue of JavaScript in HTML attributes, Salesforce strongly recommends that you implement multifactor authentication for all Business Manager users.

© Copyright 2000-2020, salesforce.com inc. All rights reserved. Various trademarks held by their respective owners.

 Show URL Submit FeedbackPrivacy Policy
X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.