Deprecated features and alternatives

note

This is a preview version of the User Interface Extensibility Framework v2.0. We may have not identified all missing features and this list may not be comprehensive.

The User Interface Extensibility Framework 2.0 introduces significant architectural changes from previous versions. Notably, certain v1 interfaces are no longer available—some have been replaced with alternative implementations, while others have been deprecated entirely. This document outlines the key differences, available alternatives, and deprecated functionality.

API v2 targets execution in a modern, sandboxed browser environment. As a result, certain legacy client APIs and platform features (e.g. ActiveX, COM) are no longer permitted. Where possible, we provide supported alternatives.

UIX Interface Alternatives

The following table lists UIX 1.0 interfaces that are not available in version 2.0, along with their recommended alternatives.

UIX 1.0 Interface	Alternative in v2.0
`CommandLocation_TaskPane`	Use CommandLocation enum value TaskBar with the ICommands interface. See Taskbar Commands for samples on working with TaskBar.
`IShellFrame.ITaskPane`	Use ICommands interface. See Taskbar Commands for samples on working with TaskBar.
`ITaskPane.Available/Visible`	Taskbar is available starting from version 25.10.15296.9. For backwards compatibility check whether the CommandLocation enumeration value TaskBar is available. This enumeration value was added with TaskBar. The TaskBar is always visible.
`ITaskPane.CreateGroup`	Use CreateTaskbarGroup in the ICommands interface for creating groups in the Taskbar.
`TaskPane.AddCustomCommandToGroup`	Use AddCustomCommandToMenu in the ICommands interface. Here is an example on how to add commands to a custom taskbar command group.
`ICommands.SetIconFromPath`	Use SetIcon or SetTaskbarGroupIcon for setting icons for commands or Taskbar groups.
`ICommonFunctions.ExecuteURL`	Use OpenExternalWebLink.
`ICommonFunction.ReadTextFile`	VAF (Vault Application Framework) can be used as a workaround.
`IDashboard.Vault`	Use IDashboard's reference to ShellFrame, which provides access to ShellUI which then has access to Vault.
`MFiles.CreateInstance`	Use the new keyword for creating M-Files API objects. E.g.`const objVer = new MFiles.ObjVer();`
`SessionInfo.ClientCulture`	Use GetClientLocale.

Vault API Alternatives

The following table lists Vault API methods that are not directly available in version 2.0, along with their recommended alternatives.

Vault API Method	Alternative in v2.0
`ClassOperations.GetObjectClass`	Use GetObjectClassesAndGroups.
`ClassOperations.GetObjectClassIDByAlias`	Use GetMetadataStructureItemIdByAlias.
`ObjectFileOperations.AddEmptyFile` / `AddFile`	Use AddObjectFile as a workaround. The original method expected a source path, which is insecure. Create file content (e.g., via drag-and-drop) and use `AddObjectFile`. Currently supported only for objects in the current listing.
`ObjectOperations.CheckIn`	Use CheckInMultiple.
`ObjectOperations.CheckOut`	Use CheckOutMultiple.
`ObjectOperations.CreateNewObject`	Use AddObjectWithFiles.
`ObjectOperations.CreateNewObjectEx`	Use AddObjectWithFiles.
`ObjectOperations.GetLatestObjectVersionAndProperties`	Use GetObjectDataOfMultipleObjects.
`ObjectOperations.GetMFilesURLForObject`	Use GetWebLink.
`ObjectOperations.GetObjectInfo`	Use GetObjectDataOfMultipleObjects with the required OBJECTDATAREQUESTFLAGS.
`ObjectOperations.GetObjectPermissions`	Use GetEffectivePermissions.
`ObjectOperations.IsObjectCheckedOut`	Use GetObjectDataOfMultipleObjects with the `object_version` flag. The return value(s)'s ObjVer's ObjVerVersion contains ObjVerVersionType.
`ObjectPropertyOperations.SetProperty`	Use SetPropertiesMultiple.
`ObjectSearchOperations.SearchForObjectsByConditions`	Use SearchObjects.
`ObjectSearchOperations.SearchForObjectsByConditionsEx`	Use SearchObjects.
`ObjectTypeOperations.GetObjectTypeIDByAlias`	Use GetMetadataStructureItemIdByAlias.
`IObjectVersionPermissions.AccessControlList`	Use GetEffectivePermissions.
`PropertyDefOperations.GetPropertyDefIDByAlias`	Use GetMetadataStructureItemIdByAlias.
`UserGroupOperations.GetUserGroupIDByAlias`	Use GetMetadataStructureItemIdByAlias.
`IValueListItem.GetIconAsPNG`	Use GetValueListItemIconURL.
`ValueListItemOperations.GetValueListItemByID`	Use SearchValueListItemsWithPermissions.
`WorkflowOperations.GetWorkflowIDByAlias`	Use GetMetadataStructureItemIdByAlias.
`WorkflowOperations.GetWorkflowStateIDByAlias`	Use GetMetadataStructureItemIdByAlias.

Deprecated Features

The following features from version 1.0 are deprecated and will not be supported in the new framework.

Feature	Notes
`IShellUI.CreatePersistentBrowserContent`	Not supported in the new framework.

Unsupported Environment Features

Due UIXv2 applications running in web-based environment, the following features and objects are not directly supported.

Browser APIs

Feature	Reason
`window.open()`	Requires `allow-popups` iframe sandbox attribute
`window.alert()`	Requires `allow-modals` iframe sandbox attribute
`window.prompt()`	Requires `allow-modals` iframe sandbox attribute
`parent`	Usage restricted by browser security
`document`	Sandboxed application can access its own DOM, but not the parent's
`msFullscreenElement`	Microsoft-specific Legacy API not available.
`navigator.msSaveOrOpenBlob`	Microsoft-specific Legacy API not available.

Enabling Sandbox Attributes

Some browser APIs like window.open(), window.alert(), and window.prompt() can be enabled by configuring sandbox attributes in your application manifest. See the Sandbox Attributes Support sample for details on how to configure allow-popups, allow-modals, and other sandbox permissions for your UIXv2 application.

ActiveX and COM Objects

UIXv2 applications execute within sandboxed iframes in modern browser execution environment, which enforce strict security boundaries. Unlike the legacy Internet Explorer environment—where web applications could instantiate COM objects and run with near-native privileges—modern browsers isolate JavaScript execution and explicitly block access to native OS APIs.

Why these objects cannot work:

Browser sandbox isolation: Modern browsers enforce strict process isolation. JavaScript running in an iframe cannot escape the sandbox to invoke native OS APIs, spawn processes, or access the Windows registry.
No ActiveXObject API: The new ActiveXObject() constructor was an IE-specific extension, never part of web standards. No modern browser implements it.
Cross-origin security model: Sandboxed iframes operate under Same-Origin Policy and Content Security Policy (CSP), blocking calls to local resources.
No in-process COM hosting: ActiveX controls ran in-process with IE, sharing its memory space. Modern browsers isolate renderer processes and block loading arbitrary native DLLs.

The following ActiveX and COM-based objects are not supported:

Object	Original Purpose	Why It's Blocked
`ActiveXObject`	Instantiate COM objects from JavaScript	IE-specific API; not implemented in any modern browser
`WScript.Shell`	Execute programs, manipulate registry, create shortcuts	Requires direct OS access; would allow arbitrary code execution
`Microsoft.XMLDOM`	Parse and manipulate XML documents	IE-specific; replaced by native `DOMParser` and `XMLSerializer` APIs
`Outlook.Application`	Compose emails, access calendar and contacts	Requires COM automation of Outlook process; major security risk
`Scripting.FileSystemObject`	Read/write local files and folders	Direct filesystem access violates browser sandbox model
`Shell.Application`	Windows Shell operations (browse folders, invoke verbs)	Requires native Windows Shell integration
`SenchaToolbox.Toolbox`	M-Files proprietary IE integration	Relied on IE plugin architecture (NPAPI/ActiveX)
`MFilesAPI.MFilesClientApplication`	Direct access to M-Files COM API	Requires in-process COM instantiation on client machine

Migration Alternatives

Deprecated Functionality	Modern Replacement
XML parsing (`Microsoft.XMLDOM`)	Native `DOMParser`, `fetch()` with XML response
File operations (`Scripting.FileSystemObject`)	File System Access API (with user permission), or server-side processing via VAF
Email composition (`Outlook.Application`)	`mailto:` links, or server-side email APIs (Microsoft Graph API, SMTP)
Shell operations (`Shell.Application`, `WScript.Shell`)	Server-side automation via VAF, or companion desktop application
M-Files client access (`MFilesAPI.MFilesClientApplication`)	gRPC API or UIXv2 methods

tip

For functionality previously provided by COM or ActiveX, consider using server-side implementations via the Vault Application Framework (VAF).

Deprecated features and alternatives

UIX Interface Alternatives​

Vault API Alternatives​

Deprecated Features​

Unsupported Environment Features​

Browser APIs​

ActiveX and COM Objects​

Migration Alternatives​