Salesforce B2C Commerce 24.7 > Administering Your Organization

JavaScript and Objects in HTML Attributes

For security reasons, only Business Manager users with strong authentication, such as through multifactor authentication with Account Manager, can include JavaScript and objects embedded with iframe, object, applet, or embed tags in the HTML attributes of a database object.

A Business Manager user with strong authentication can temporarily allow users without strong authentication to include JavaScript and embed objects in HTML attributes. Go to Administration > Global Preferences > JavaScript in Attributes, and click Enable. For 1 hour, users without strong authentication can include JavaScript and embed objects in HTML attributes.

To authenticate users using multifactor authentication with Account Manager, enable Unified Authentication with Account Manager in Business Manager at Administration > Global Preferences > Security. Also, in Account Manager, assign the user’s account to a role that requires multifactor authentication.

Important: Separate from the issue of JavaScript and embedded objects in HTML attributes, Salesforce strongly recommends that you implement multifactor authentication for all Business Manager users.

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.