This article will discuss the implementation of Input Sanitization in Joget.
The purpose of sanitizing text field values is to protect against malicious input that could lead to security vulnerabilities or unintended behavior. In Joget, a sanitization option is available for the following form elements within a form:
1. Text Area
2. Text Field
3. Custom HTML
Info: The `Sanitize Input Value?` option sanitizes the input value before the data is stored in the database. When the form binder loads the value again, it is un-escaped so that re-saving the form does not escape it a second time (double escaping).
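To make the store/load behaviour concrete, here is an added Python model of the round trip described above. It is not Joget code and assumes plain HTML entity escaping as the sanitizer (Joget's own sanitizer may apply different rules); the function names, the `cycles` parameter and the sample values are constructed for this illustration.

```python
import html


def sanitize_on_store(raw: str) -> str:
    """Escape HTML-significant characters before the value is written to
    the database, so a stored value renders as literal text in a datalist
    rather than as markup.  Assumption: entity escaping stands in for
    Joget's sanitizer."""
    return html.escape(raw, quote=True)


def unescape_on_load(stored: str) -> str:
    """Reverse the escaping when the form binder loads the stored value
    into the form element, so the user sees and edits the original text."""
    return html.unescape(stored)


def save_load_cycle(raw: str, cycles: int = 3) -> str:
    """Simulate opening, loading and saving the same record several times
    with the un-escape-on-load step in place.  The stored value stays
    stable no matter how many times the form is saved."""
    stored = sanitize_on_store(raw)
    for _ in range(cycles - 1):
        editor_value = unescape_on_load(stored)   # form binder loads record
        stored = sanitize_on_store(editor_value)  # user saves it again
    return stored


def save_load_cycle_without_unescape(raw: str, cycles: int = 3) -> str:
    """Same simulation without the un-escape step: every save escapes the
    already-escaped value again, so '&lt;' becomes '&amp;lt;' and so on.
    This is the double-escape problem the Info note refers to."""
    stored = sanitize_on_store(raw)
    for _ in range(cycles - 1):
        stored = sanitize_on_store(stored)  # loaded value is never un-escaped
    return stored


def render_in_attribute(stored: str) -> str:
    """Constructed rendering of the Custom HTML sample element from this
    page with a stored value placed into its value attribute."""
    return f'<input type="text" name="sample" value="{stored}"/>'


if __name__ == "__main__":
    # Constructed sample input: markup that should be stored as text.
    sample = "<b>bold</b> & \"quoted\""
    print("stored once:      ", sanitize_on_store(sample))
    print("with un-escape:   ", save_load_cycle(sample, cycles=3))
    print("without un-escape:", save_load_cycle_without_unescape(sample, cycles=3))
    print(render_in_attribute(sanitize_on_store(sample)))
```

Running the block shows that with the un-escape step the stored value after three saves is identical to the value after one save, while without it each save adds another `&amp;` layer, which is exactly what the user would see as mangled text in the datalist.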
Drag the Text Area, Text Field, and Custom HTML elements onto the form.
Figure 1: Drag the mentioned form elements
Insert the following line into the Custom HTML configuration. It serves as a sample display of the sanitized value.

```html
<br> <p>Custom HTML</p><input type="text" name="sample" value=""/>
```
Figure 2: Add HTML code
In the advanced options of each form element, tick "Sanitize Input Value?" to enable sanitization.
Figure 3: Enable Input Value Sanitization
Create a CRUD and test it. Enter a value of your choice into each of the 3 form fields.
Figure 4: Input text
Results:
In the datalist, the values are displayed as plain text, as shown in Figure 5.
Figure 5: Runtime Result
Press Edit on the datalist row in Figure 5. The sanitized value of the Custom HTML can be seen here.
Figure 6: Custom HTML
In the database, the Text Area and Text Field values are stored in sanitized form, as shown in Figure 7.
Figure 7: Database Result