Skip to content

[FeatureReq - Edge Addons site] Add clear validation messages for Permission Justification fields instead of generic error banner #642

Description

@bhuveshrohankar28-cmd

Labels: Feature, Partner Center, Edge Addons

Related to: #640

Summary:

Currently, the "Permission justification" fields on the Privacy tab (Partner Center → extension submission) fail with a generic error banner — "Something went wrong while loading this page. Please refresh to try again." — whenever the input contains certain characters or patterns (e.g. https://, http//, or HTML tag syntax like <script>). This generic message gives no indication of what's actually wrong, and can easily be mistaken for a backend/session error (as happened in #640) rather than an input validation issue.

Requested feature:

Add proper client-side (or clearly surfaced server-side) validation feedback for these fields, similar to how the "Single purpose description" field already shows a live character counter. Specifically:

  1. Inline validation messages — if a justification contains disallowed patterns (URL-like substrings, HTML tags, etc.), show a specific message near the field, e.g. "URLs and HTML tags are not allowed in this field," instead of failing the whole page save.
  2. Live constraints shown upfront — document any character limits or disallowed patterns directly under each Permission justification textbox, the same way the Single Purpose Description field shows "421/1000."
  3. Distinguish input errors from backend errors — the generic red banner is currently reused for both real backend failures (like the 403s in 403 Forbidden error when saving — "Something went wrong while loading this page" #640) and simple input validation issues. Separating these would save developers significant debugging time, since right now both look identical and get misdiagnosed as server problems.

Why this matters:

Since permission justifications often need to reference specific domains or URL patterns to properly explain why a host permission is needed (which is exactly what Microsoft's own guidance encourages), it's easy for developers to accidentally include a URL-like string in their justification text and get blocked with no explanation. This adds friction to an already important compliance step, and makes debugging failed submissions much harder than it needs to be.

Supporting findings from testing (extension: AlgoRhythm, Product ID: 1aa0fde7-c29a-4950-aaa8-219ec6672dc6):

  • Confirmed triggers: https:///http// substrings, <script> tag syntax

Metadata

Metadata

Assignees

Labels

Edge AddonsLabel to filter all items related to Edge AddonsFeaturethe issue is a new feature request that we might eventually implement in the productTrackedthe issue is valid and tracked on our backlog.

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions