Status – Tested
Salesforce Update Description
Blocking execution of JavaScript in the HYPERLINK function was a critical update in Summer ’17 and will be activated automatically for all orgs on October 30, 2017. This change was phased in over several releases. It addresses a security vulnerability that arises when you use JavaScript in the URL argument of a HYPERLINK function. The JavaScript can include cross-site scripting and make the URL execute on behalf of users.