function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
GunishGunish 

Embed leadmergewizard.jsp page in a visaulforce page

I am aware that this might no longer be possible because of clickjacking being disabled by default.
I want to know if there is a workaround for this at the moment ?

Currenrlt I see a blank page with the following code.
  
<apex:page showHeader="true" sidebar="true" standardController="Lead">
		<apex:iframe src="/lead/leadmergewizard.jsp?goNext=+Next+&id=00Q7E000000xkIV&cid=00Q7E000000xkHw&cid=00Q7E000000xkIV&isdtp=vw" scrolling="true" id="theIframe"/>
</apex:page>

Appriciate any help with this!

Thanks!
 
Arun KumarArun Kumar
Hi Gunish,

You ca use static resource and then link to that static resource.
Thanks,
Arun
GunishGunish
Hi Arun,

Can you please elaborate what do you mean by that ?
leadmergewizard.jsp is a standard salesforce page.
 
Arun KumarArun Kumar
Hi,

Take a look at this : Clickjack protection for Non-Setup Salesforce Pages.

http://docs.releasenotes.salesforce.com/he-il/winter14/release-notes/rn_186_forcecom_cruc_setup_pages.htm

If you had run your critical update by mistake it could be one of the reasons why you are seeing blank pages.

This critical update enables clickjack protection for all non-setup Salesforce pages to protect against user interface redress attacks.

The article in the above reference specifically talks about this issue:

If your organization displays non-setup Salesforce pages within a frame or , it’s possible that the pages will either display as a blank page or without the frame after clickjack protection is enabled.The behavior varies depending on your browser and its version. Although there are reasons to frame pages, framed pages can be used by hackers.

Also the clickjack protection cannot be disabled without contacting support :

In the Spring ’14 release, the ability to disable clickjack protection from the Session Settings page will be removed, so you’ll have to contact salesforce.com Customer Support if you need to disable it. However, disabling clickjack protection is not recommended.

Read more here to know what and how it impacts you ( though much of this was discussed way before this was enabled full scale)

Upcoming "clickjacking" protection

This may be a better guide :

Winter 13 Clickjacking protection - is the following expected or a bug?
Arun KumarArun Kumar
OR you can use

Try to use this page in the Web tab or custom link.