+ Start a Discussion
EJWEJW 

Winter '16 no longer properly displays HTML error messages on the Lead Conversion page.

Prior to Winter '16 the lead conversion page would properly display error messages that contain HTML if you called sObject.addError() with the escape parameter set to false, but this was broken with the new release.  This breaks some of the functionality of one of our products and impacts quite a few of our customers.

I don't see this as an existing known issue, could some look into this and create a known issue and possible ETA for a fix?
Boris BachovskiBoris Bachovski
It was once broken and then fixed. I'm not sure if it's the case again - https://success.salesforce.com/issues_view?id=a1p30000000T4PjAAK but I would recommend you to open up a case with Salesforce support to look into this issue.
EJWEJW
Yes and there are several other minor pages throughout SFDC that don't support HTML error messages (change ownership, quick create) but I've been unsuccesful when I've tried getting SFDC to fix that in the past.  Lightning Experience also seems to ignore the HTML escape parameter of addError() and always escapes.
Lars NielsenLars Nielsen
Yeah, this clearly got changed with Winter 16' and as Boris pointed out in Reference W-1724664 this bug is also on the convert page. 
Lars NielsenLars Nielsen
Okay, I posted this to Twitter and got a DM from @asksalesforce with the following:

Thank you, Lars! I created a case on your behalf and added all the details that you shared - case #12672061 . You should hear from one of our support reps shortly. Thanks! ^MA
EJWEJW
Great, having issues with getting our developer support set up so I haven't been able to open a case on it yet.  I'll still open my own case but reference yours when I do.  We should have a few customers doing the same as well, so hopefully they'll fix this quickly.
EJWEJW
It's very frustrating that they added offical support for HTML error messages in Apex Code (via SObject.addError( message, escapeHtml ) ) but seem not to want to support if officially throughout the platform.  The change ownership and quick create pages have had this problem for years and I've brought up the issue with SFDC support but was told they weren't going to fix it.

Then of course there's SalesForce1 and Lightning Experience, which don't support it either (or didn't last time I checked).
Eric LehnenEric Lehnen
Any progress on this?
Lars NielsenLars Nielsen
No, it has been escalated to Teir 3 but they say the workdounrd to to render straight from the trigger. i.e. in my case the trigger doesn't do much but talk to classes. The suggestion was to take all the logic from the classes and put into the trigger for now. Rather than take the time to re-work all the code we did a small POC and found that even with a basic trigger we still had the issue. 
Lars NielsenLars Nielsen
Okay so quick update on the two seperate issues (in my mind they are the same problem but they are worked seperately. 

1) Trigger - add error escape html not working is being investigated now. Now timeline but it is a higher priority than below
2) Trigger - when the add error come from a class in your code outside the trigger and bubbles up to the trigger. Spring 16 is the current estimate for this fix

Recommendation from support is move logic out of classes and into the triggers as a short-term (3-5 month workaround). Goes against good coding practices but when #1 is fixed this is the suggested workaround.
Lars NielsenLars Nielsen
Okay! Happy to report we finally have official bug tickets - plesae go vote them up so that Salesforce knows these affect you.

This is the new KI, created today, for the bug related to addError() on the convert page, in triggers:
https://success.salesforce.com/issues_view?id=a1p30000000jaTX
This is the KI for the bug related to addError() in Apex classes.
https://success.salesforce.com/issues_view?id=a1p300000008aa4 (https://success.salesforce.com/issues_view?id=a1p300000008aa4)
EJWEJW
Thanks.  Love that they list a workaround that doesn't work on the second one.
EJWEJW
FYI, this still isn't fixed in Spring '16 pre-release.  I'd recommend everyone pursue this with SFDC so we can get this resolved.
EJWEJW
Just got off the phone with a support rep and he's now saying that SFDC doesn't consider this a bug and isn't planning on fixing it due to security concerns.  Not sure how to pursue this further.  Obviously HTML error messages are supported in apex code and throughout most of Salesforce.  Disallowing them on certain pages without giving us any method of determining whether or not the HTML error message will be properly formatted/displayed when used in a trigger leaves things in a very bad state.
EJWEJW
The rep also mentioned that the second known issue linked above (https://success.salesforce.com/issues_view?id=a1p300000008aa4) has a resolution currently planned for Summer '16, though apparently that won't be applied for the lead conversion screen.
EJWEJW
Here's the KB article the support rep sent me stating they were disallowing HTML in error messages on the lead convert screen for security reasons: https://help.salesforce.com/apex/HTViewSolution?urlname=Messages-Don-t-Include-Hyperlinks-or-Images-when-Converting-Leads&language=en_US
Lars NielsenLars Nielsen
Thanks for the update EJW. After the original report, I/we worked so hard just to prove to them they broke something and then wait 4.5 months for any kind of real respose as to what is going to be the outcome. The crazy thing I could point out 2 other places that follow the same "security hole" as the convert but the cases were immediately closed as as "out-of-scope" because I don't pay the 50k for developer support. 
EJWEJW
Looks like Winter '17 has been changed to filter error messages, removing javascript, certain HTML elements and CSS properties even with escape = false in the addError() call.