Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

English
This article will discuss

...

the implementation of Input Sanitization in Joget.

...

The purpose of sanitizing text field values is to protect against malicious input that could lead to security vulnerabilities or unintended behavior. In Joget, a sanitization option is available for the

...

following form element within the form:


1. Text Area

2. Text Field

3. Custom HTML

Info

The `Sanitize Input Value?` option will sanitize the input value before storing data to in the database. It will also un-escape it again when loading from the form binder to prevent double escape.

Step Examples

Step 1

Drag the Text Area, Text Field, and Custom HTML to form

Figure 1: Drag the mentioned form elements 

Step 2

Insert the following line into the Custom HTML configuration. It will serve as a sample display of sanitized value.

Code Block
<br>
<p>Custom HTML</p><input type="text" name="sample" value=""/>


Figure 2: Add HTML code

Step 3

In each of the form element advanced options, tick on the "Sanitize Input Value?" to enable sanitization 

...

Figure 3: Enable Input Value Sanitization

Step 4

Create CRUD and test. Input value of your choice into 3 of the form fields.

Image Modified

Figure 4: Input text

Step 5

Results:

In listthe datalist, it will show as text as shown in Figure 5
Image Modified

Figure 5: Runtime Result


Press edit on of the list datalist row in Figure 5. The sanitized value of Custom HTML can be seen here.

Image Modified

Figure 6: Custom HTML

...

In the database, the text area & text field value are sanitized as shown in Figure 7.

Image Modified 

Figure 7: Database Result

Sample Apps

View file
nameAPP_kb-dx8dx7_formInputSanitization.jwa
height250

...