Users are able to submit javascript code trough the browser console, regardless of UI PoliciesIssue Users are able to submit javascript code trough the browser console, regardless of UI Policies. They can access front-end APIs. Function like g_form.save() can be used to Save the record after editing the read only fields set by UI policies.This issue exists in all the supported versions. A user who has write access on a form can bypass the UI policies by executing API commands on the console.CauseThis is not a bug in the platform. UI Policies/Client Scripts are not a security measure as they are just preventing changes in the form and only a tool to guide input. ResolutionIf there is a business need to restrict data entered in forms, Data Policy(or even ACLs) must be used in conjunction with UI Policy and other client-side methods.