Skip to content
Richard CrumMay 26, 2021 11:30:00 AM5 min read

How to Tell If Your Quickbase App Has JavaScript Injection & Why It's Urgent!


Adding custom code to Quickbase Apps is a useful way to extend functionality and create quick solutions for your company’s needs. JavaScript makes up the vast majority of custom code that developers have added to Quickbase apps, which means it’s likely that you have some in your app. Until recently, this was an excellent and encouraged approach to customizing your applications. However, there are some upcoming changes to the way that Quickbase will be handling JavaScript. These changes may limit functionality in ways that could negatively affect your application. Importantly, if you don’t take action to address these changes soon, the consequences could be significant.

Changes coming in June and August will mean that the JSI in your app will no longer be editable, and your app might break.

Quickbase Is Phasing Out JavaScript Injections (JSI)

Rest assured, JavaScript isn't being phased out entirely. It can still be used in designated code pages in Quickbase, but there are a number of ways that JavaScript has been injected (or inserted) that will no longer be allowed. Quickbase announced in February that they’ll be phasing out the platform’s support of JavaScript Injections (JSI). They’re doing this for understandable security and stability reasons.

JavaScript Injection (JSI) adds code in ways that are beyond the purview and control of Quickbase's architects and internal security measures. That's why Quickbase is phasing out the JavaScript Injection functionality – in order to shore up issues that can occur when users add code in ways that don’t necessarily align with or that can jeopardize the core Quickbase functionality.

This Will Likely Impact Your Application

However, the reality is that JSI is pervasive in many customized Quickbase apps. And if you don’t fix the JSI in your app before it is phased out, there’s a good chance your app will lose critical functionality. Furthermore, you may not even be able to fix it without having to rebuild from scratch. 

As of June and August, aspects of JSI will no longer be editable – which could be a big problem for your app's functionality. If you can’t edit a section of code, you can’t easily fix it or remove it. Consequently, you may not be able to address issues retroactively. That's why you need to get ahead of this change to protect your applications. This isn’t the kind of thing to bump down the to-do list. It needs to be top priority, as the changes are coming soon.

Don't know if this applies to you? The following are a few signs that your Quickbase App might have JavaScript Injection. This list isn’t exhaustive, these are just some of the ways that JSI can appear in an app. It’s also not a guarantee that JSI was used if you have one of these features, it's just a potential indicator. But this list offers some quick ways to tell that you might have JSI that will need fixing before the phase out.

Your App Might Have JSI If:

You outsourced to a professional developer. As we mentioned before, JSI used to be standard practice, it's just being phased out. So, much of the customization done in Quickbase apps relies on JSI. If you’ve had a developer work on your app in the past, there’s a good chance they used JSI to create the functionality you wanted. 

You have a custom dashboard. If your dashboard view in Quickbase seems particularly well catered to your company – as in, there aren’t any extraneous links or fields – it’s possible this was created using JSI.

You have an embedded website on one of your forms. If users don’t have to navigate off the form to view a separate website or different page on your site, it’s likely that JSI was used to create this functionality.

You have a custom navigation bar. Can you click one of the tabs at the top of your form and jump to a specific section of the form without having to scroll? That’s likely a sign that there’s JSI in your app.

Your app uses third-party plugins. Does one of your Quickbase forms include an option for an eSignature? Or do you have a document hosting solution embedded in your form? That means your app is connected to a third-party plugin. The chances are good that this connection was created with JSI.

Your form has a pop-up. If there’s a point in your form or data entry process where a window pops up, it was likely created using JSI. This might look like a pop-up that appears and asks if you’re sure you’re ready to submit, or if you’d like to attach a document, or if you really want to override that previous entry.

You can click a button and it checks or fills a box. Essentially, if there’s a place on a form where you can automatically update another field or fields, this might be JSI. This could look like adding date and time stamps, approval or rejection buttons, clock-in or clock-out buttons… there are a lot of ways that this could turn up.

If You Aren’t Sure, Reach Out For Help

Again, the signs listed above aren't a guarantee that you do have JSI in your app, they’re just likely indicators. Equally important, just because your app doesn’t have these specific features, it doesn’t mean that you don’t have JSI. Because JSI has been so pervasively used, it’s difficult to tell at a glance whether it has been implemented in an app. 

The best way to tell? Get a professional JSI Analysis. VeilSun's JSI Diagnostic Tool can quickly identify whether you have JSI in your app, and our experts are ready to help you address any changes that you need to make.

While Quickbase is taking a phased approach to the changes, these dates are coming soon, and you need to get ahead of them. If you've been notified that you have this issue or if you think you might, please reach out!

Set up a complimentary consultation with one of our experts to see if this will impact your application. We'll be more than happy to help you identify any potential issues and find a solution that will keep your applications running smoothly.