Salesforce Summer '21 Release: Dynamically generated HTML being stripped by Lightning Locker Service
Salesforce’s Summer ‘21 Release changes the way Lightning Locker handles < (carets) in dynamically created elements. A typical pattern in jQuery is to dynamically append HTML code inside a DIV. In Salesforce’s Spring ‘21 Release, this HTML code was correctly interpreted and displayed; in Salesforce’s Summer ‘21 Release, Lightning Locker Service is looking for the < (carets) and stripping out its contents. This issue appears to be isolated to custom code. We have no reports of standard Skuid functionality being impacted.
Who is Affected:
ALL of these factors must be true for you to be affected:
- Salesforce’s Summer ‘21 Release (please see status.salesforce.com to see when your production org will be upgraded to Salesforce’s Summer ‘21 Release)
- Skuid pages in the Lightning runtime
- Some form of custom code - either Inline CSS or jQuery dependent snippets.
What Will I See?
We have seen evidence of the following scenarios:
- If you are using inline CSS that appends a SVG tag to the Style node, all of the CSS (including the SVG and the CSS classes) will be ignored. Skuid has confirmed this scenario.
- Snippets using jQuery append. HTML added to a DIV will not be present. We have not gotten reports of this being problematic, but have seen this in our testing. We recommend testing thoroughly.
Please thoroughly test any of your Skuid pages that have custom code and are being used in the Lightning runtime.
To correct the issue with inline CSS, move ALL of the CSS into a static resource. Please note that this will also improve performance since this CSS will now be cached!
What is being done:
Skuid has opened a case with Salesforce regarding this issue. We are working collaboratively to get this issue resolved ASAP. Skuid product engineering is also investigating what other things Skuid can do.
Thank you for your patience as we work to get this resolved!