Amit Singh 1

JavaScript of any type is not allowed to run within the Salesforce.com application context. This includes JavaScript blocks within HomePageComponents, WebLinks, Custom buttons and all other components that are run under the Salesforce DOM.

Hi Folks,

My app failed the security review. I am using a JavaScript custom button and I had already used the JSENCODE function. Below is my code that has been provided by the Salesforce security team.
Issue Description

JavaScript of any type is not allowed to run within the Salesforce.com application context. This includes JavaScript blocks within HomePageComponents, WebLinks, Custom buttons and all other components that are run under the Salesforce DOM.

Finding 1 of 1

File

objects\Invoice__c.object
Code

<protected>false</protected>
        <url>{!REQUIRESCRIPT(&quot;/soap/ajax/38.0/connection.js&quot;)} 
{!REQUIRESCRIPT(&quot;/soap/ajax/38.0/apex.js&quot;)} 

if(&quot;{!JSENCODE(Opportunity.Client_ID__c)}&quot;==&quot;&quot;){
   alert(&apos;Opportunity related to this Invoice must be a Client Entity into Freshbooks.&apos;);
}else if(&quot;{!JSENCODE(Account.Account_Id__c)}&quot;==&quot;&quot;){
    alert(&apos;Opportunity related to this Invoice must be associated with a valid Freshbooks Business Entity/Account.&apos;);
}else if(&quot;{!JSENCODE(Opportunity.Email__c)}&quot;==&quot;&quot;){
        alert(&apos;Opportunity related to this Invoice can not have a blank Email address.&apos;);
}else {
   var result = sforce.apex.execute(&quot;Freshbook.syncInvoiceControllerNew&quot;,&quot;getInvoiceDetails&quot;,{invoiceId:&quot;{!JSENCODE(Invoice__c.Id)}&quot;,isClassic:true});
  if(result[0].Freshbook__Synched__c){
       alert(&apos;Invoice Synced Successfully.&apos;);
       location.reload(true); 
   }else{ 
      alert(&apos;Error Occured while Syncing the Invoice with freshbooks.&apos;); 
    }
}</url>
File

Opportunity.object
Code

<url>{!REQUIRESCRIPT(&quot;/soap/ajax/38.0/connection.js&quot;)}
{!REQUIRESCRIPT(&quot;/soap/ajax/38.0/apex.js&quot;)}

if (&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.Authentication_URL__c)}&quot; == &quot;&quot; ||
	&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.Client_Id__c)}&quot; == &quot;&quot; ||
	&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.Client_Secret__c)}&quot; == &quot;&quot; ||
	&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.SFBaseURL__c)}&quot; == &quot;&quot; ||
	&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.Base_URL__c)}&quot; == &quot;&quot; ||
	&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.Access_Token__c)}&quot; == &quot;&quot; ||
	&quot;{!JSENCODE($Setup.Freshbooks_App_Credentials__c.Refresh_Token__c)}&quot; == &quot;&quot;)
{
    alert(&apos;1 or more fields in the Custom Setting are null&apos;);
}
else
{
    if (&quot;{!JSENCODE(Opportunity.Email__c)}&quot; == &quot;&quot;)
    {
        alert(&apos;Opportu
File

Payment__c.object
Code

<openType>onClickJavaScript</openType>
        <protected>false</protected>
        <url>{!REQUIRESCRIPT(&quot;/soap/ajax/36.0/connection.js&quot;)} 
{!REQUIRESCRIPT(&quot;/soap/ajax/36.0/apex.js&quot;)} 

if(&quot;{!(Payment__c.Payment_Date__c)}&quot;==null || &quot;{!(Payment__c.Payment_Date__c)}&quot;==&apos;&apos;){

			alert(&apos;Payment Date can not be null&apos;);

}
else{

if(&quot;{!JSENCODE(Payment__c.Account_Id__c)}&quot;!=null) { 
		var result=sforce.apex.execute(&apos;Freshbook.syncPaymentController&apos;,&apos;getPaymentRecord&apos;,{paymentId:&apos;{!JSENCODE(Payment__c.Id)}&apos;, isClassic:true}); 
		if(result[0].Freshbook__Synched__c){
				alert(&apos;Payment successfully Synched.&apos;); 
                  location.reload(true);
		}
		else{
			alert(&apos;Err
Notes

Please don't write javascript in object files

Please let me know where and what I am doing wrong. Any help will be greatly appreciated.

Thanks,
Amit Singh
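
A pre-submission check for the finding quoted in the post above, as an added example that is not part of the original thread or of the review team's tooling. It parses an .object metadata file, lists every webLinks entry that runs JavaScript, and reports merge fields used without JSENCODE, as in the Payment__c excerpt. The sample XML and the button names in it are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Bare merge fields like {!Obj.Field} or {!(Obj.Field)}; function calls such as
# {!JSENCODE(...)} and {!REQUIRESCRIPT(...)} do not match.
MERGE = re.compile(r"\{!\s*\(?\s*([A-Za-z_$][\w$.]*)\s*\)?\s*\}")

# Constructed sample modelled on the Payment__c finding; names are hypothetical.
SAMPLE = """<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
  <webLinks>
    <fullName>Sync_Payment</fullName>
    <linkType>javascript</linkType>
    <openType>onClickJavaScript</openType>
    <url>{!REQUIRESCRIPT(&quot;/soap/ajax/36.0/apex.js&quot;)}
if(&quot;{!(Payment__c.Payment_Date__c)}&quot;==&apos;&apos;){ alert(&apos;x&apos;); }
var id = &apos;{!JSENCODE(Payment__c.Id)}&apos;;</url>
  </webLinks>
  <webLinks>
    <fullName>Open_Sync_Page</fullName>
    <linkType>page</linkType>
    <openType>replace</openType>
    <page>SyncPayment</page>
  </webLinks>
</CustomObject>"""

def find_js_weblinks(object_xml):
    """Return one finding per <webLinks> entry that executes JavaScript."""
    root = ET.fromstring(object_xml)
    findings = []
    for link in root.findall("md:webLinks", NS):
        name = link.findtext("md:fullName", default="?", namespaces=NS)
        open_type = link.findtext("md:openType", default="", namespaces=NS)
        link_type = link.findtext("md:linkType", default="", namespaces=NS)
        body = link.findtext("md:url", default="", namespaces=NS)
        is_js = (open_type == "onClickJavaScript" or link_type == "javascript"
                 or "REQUIRESCRIPT" in body)
        if is_js:
            # The XML parser has already decoded &quot;/&apos; in the button body.
            unencoded = sorted(set(MERGE.findall(body)))
            findings.append({"name": name, "unencoded": unencoded})
    return findings

if __name__ == "__main__":
    for f in find_js_weblinks(SAMPLE):
        print(f["name"], "runs JavaScript; unencoded merge fields:", f["unencoded"])
```
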
Best Answer chosen by Amit Singh 1
Amit Singh 1
Hi All,

I fixed the issue by using a VF page as an alternative to JavaScript. :)
 

All Answers

CL Production
Hi Amith, I am also getting the same issue in security review. How did you find the solution?
Amit Singh 1
Hi,

As I mentioned, I used a VF page and then handled everything there.
CL Production
Hi Amith, thanks for your reply. I did the same thing for the Leads, Contacts and Accounts objects long back. But the CampaignMember object does not support a list controller, and without a list controller the VF page does not show up for a list button. So instead of a JS button, how can we use a VF page to create a list button on CampaignMember? In Lightning I have done it by using a Lightning record page.