MZSR
Level: Powered On

Confusion around client-scripting in PowerApps

Hi,

 

My colleagues from Information Security have raised concerns around users having the ability to insert client-scripting (JavaScript) to PowerApps. My assumption was that the UI is intended to be a no-code surface for building apps without code, but this seems to apply to canvas apps only. Model-driven apps allow this?

 

https://docs.microsoft.com/en-us/powerapps/developer/model-driven-apps/client-scripting

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
MZSR
Level: Powered On

Re: Confusion around client-scripting in PowerApps

I just noticed that creating or running model-driven apps requires a PowerApps Plan 2 license, which would already tackle the issue for us (we do not foresee assigning this license to many users).

5 REPLIES 5
MZSR
Level: Powered On

Re: Confusion around client-scripting in PowerApps

Shameless bump. :D

Community Support Team
Community Support Team

Re: Confusion around client-scripting in PowerApps

Hi @MZSR,

 

Client scripting is similar to the behavior formulas in Canvas Apps.

It mostly applies to Model-Driven App actions/events, such as a form loading or data changing.

A detailed explanation follows:

"

An event occurs in Customer Engagement forms whenever:

  • A form loads
  • Data is changed in a field or an item within the form
  • Data is saved in a form

You can attach your JavaScript code to "react" to these events so that your code gets executed when the event occurs on the form. You attach your JavaScript code (scripts) to these events by using a Script web resource in Customer Engagement.

"

For more information, see:

Client scripting in Customer Engagement using JavaScript

 

For the operations that can be performed through client scripting, see:

Understand the Client API object model

 

Regards,

Michael

 

Community Support Team _ Michael Shao
If this post helps, then please consider accepting it as the solution to help other members find it more quickly.
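
An added example (not from this thread or from Microsoft's documentation) of a Script web resource that reacts to the three form events quoted above: load, field change and save. The `Contoso.AccountForm` namespace and the `websiteurl` column are assumptions; the handler stays inside the Client API, shows only a fixed message, and never writes field data into the page DOM.

```javascript
"use strict";
// Hypothetical namespace for the web resource; avoids global name clashes.
var Contoso = Contoso || {};

Contoso.AccountForm = (function () {
  const COLUMN = "websiteurl";          // assumed column name
  const NOTE_ID = "contoso_url_check";  // id used to set/clear the notification

  // Accept only absolute http(s) URLs; javascript:, data: and relative
  // values are rejected so they cannot end up as clickable links.
  function isSafeUrl(value) {
    if (typeof value !== "string") return false;
    try {
      const url = new URL(value);
      return url.protocol === "https:" || url.protocol === "http:";
    } catch (e) {
      return false;
    }
  }

  // Shared check. Uses only Client API calls; direct DOM manipulation is
  // unsupported in model-driven forms and is where script injection creeps in.
  function validate(executionContext) {
    const formContext = executionContext.getFormContext();
    const value = formContext.getAttribute(COLUMN).getValue();
    const control = formContext.getControl(COLUMN);
    if (value === null || isSafeUrl(value)) {
      control.clearNotification(NOTE_ID);
      return true;
    }
    // Fixed text: the untrusted field value is never echoed back.
    control.setNotification("Enter an http(s) URL.", NOTE_ID);
    return false;
  }

  // Form OnLoad handler (register with "pass execution context" enabled).
  function onLoad(executionContext) {
    const formContext = executionContext.getFormContext();
    formContext.getAttribute(COLUMN).addOnChange(validate);
    validate(executionContext);
  }

  // Form OnSave handler: cancel the save while the value is invalid.
  function onSave(executionContext) {
    if (!validate(executionContext)) {
      executionContext.getEventArgs().preventDefault();
    }
  }

  return { onLoad, onSave, validate, isSafeUrl };
})();
```
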
MZSR
Level: Powered On

Re: Confusion around client-scripting in PowerApps

Thank you Michael, that helps! Assuming this is not just limited to specific operations or libraries, from a security point of view, would you see any potential threat in using this?

 

We've had many discussions in the past internally around the use of active code and potential Cross-Site Scripting (XSS) attacks, and I'm trying to better understand if this is a valid concern for PowerApps.

PowerApps Staff HemantG
PowerApps Staff

Re: Confusion around client-scripting in PowerApps

Hi MZSR,

Please reach out to me (hemantg@microsoft.com) for discussion on this. In short, any customization which has the client script added to the app (currently model and future canvas) needs to be reviewed and imported only by customizer and above roles. Users below this level of privilege cannot add any script, whether web resources or custom controls.

 

 

Hemant 
