Activity Forums Salesforce® Discussions My app was rejected by Salesforce Review with error related to JavaScript.

Tagged: , , , ,

  • Salesforce® Discussions

    My app was rejected by Salesforce Review with error related to JavaScript.

    Posted by Obivan on March 16, 2016 at 7:13 am

    I sent a small managed packaged app for review in Salesforce Appexchange. However my app was flagged by SFDC Security Review team. The gist of their concern was
    “JavaScript of any type is not allowed to run within the Salesforce.com application context. This includes JavaScript blocks within HomePageComponents, WebLinks, and all other components that are run under the Salesforce.com DOM.”

    The culprit, I think, are short javascript code that we used for weblinks on some buttons. For example we have a button for fetching info of selected records through GETRECORDIDS() , preparing a redirect URL, and open a VF page.

    Anyway to get around the problem and get the app listed on AppExchange?

    Obivan replied 8 years, 10 months ago 2 Members · 1 Reply
  • 1 Reply

  • Shawn Clarke

    Member
    March 17, 2016 at 9:52 am

    Though it is not mentioned anywhere explicitly, the managed packaged apps are first tested by automated scripts from Salesforce.com side, and once found, they flag JS code as possible Cross-Site Scripting vulnerability.

    Custom Javascript code is always vulnerable to ‘Code Injections’ and are therefore considered a security risk by SFDC. Checkout this post to understand more
    https://developer.salesforce.com/page/Secure_Coding_Cross_Site_Scripting

    The problem has a twofold solution. First you have to make sure that you are using proper encoding functions around your JS codes
    ``

    Once you have done that, you can request re-review of your app. You would have to convince the review team that your app was flagged a false positive and is not vulnerable.

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos

Report

Harassment or bullying behavior
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Mobile App Reported Contents
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .