Form Input Sanitization

Introduction

This article explains how to implement input sanitization in Joget to safeguard against malicious inputs that could lead to security risks or unpredictable behavior. In Joget, you can sanitize input values for the following form elements:

  1. Text Area
  2. Text Field
  3. Custom HTML

Enabling the Sanitize Input Value? option ensures that input values are sanitized before they are stored in the database and correctly unescaped when they are retrieved, which prevents double-escape issues (a value being escaped a second time on every save). To incorporate this security feature into your Joget forms, follow these steps:

How does it work?

  1. Drag the Text Area, Text Field and Custom HTML elements onto your form.
  2. Insert the following HTML code into the Custom HTML element configuration. It is only an example used to display the sanitized value:
    <p>Custom HTML</p><input type="text" name="sample" value=""/>
  3. For each form element, go to the advanced options and check the Sanitize Input Value? option to activate input sanitization.
  4. Develop CRUD (Create, Read, Update, Delete) functionality and test it by entering values of your choice into the three form fields.
  5. Observe the results:
  • List display: the sanitized values appear as plain text in the list.
  • Edit mode: when editing a list row, the sanitized value is visible in the Custom HTML element.
  • Database: the text area and text field values are stored in sanitized form.
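The store-escaped / load-unescaped cycle described above, as an added example that is not Joget's own code: it assumes plain HTML entity escaping as the sanitization step and uses Python's html module, and the sample inputs and the custom_html_snippet helper (which reuses the Custom HTML snippet from step 2) are constructed for illustration.

```python
import html

# Constructed sample inputs (not from the page): a script tag, and quotes with an ampersand.
SAMPLE_INPUTS = ["<script>alert(1)</script>", 'Tom & "Jerry"']


def sanitize_for_storage(value: str) -> str:
    """Escape &, <, >, double and single quotes once, before writing to the database."""
    return html.escape(value, quote=True)


def restore_for_edit(stored: str) -> str:
    """Unescape a stored value before it is placed back into a form field in edit mode."""
    return html.unescape(stored)


def edit_round_trip(value: str, rounds: int = 3) -> str:
    """Save, then reopen the row in edit mode and save again `rounds` times.
    Because the form is populated from the unescaped value, the stored
    representation stays escaped exactly once, however often it is re-saved."""
    stored = sanitize_for_storage(value)
    for _ in range(rounds):
        stored = sanitize_for_storage(restore_for_edit(stored))
    return stored


def naive_round_trip(value: str, rounds: int = 3) -> str:
    """The double-escape bug: re-saving the stored value without unescaping it first,
    so '&lt;' becomes '&amp;lt;' on every edit."""
    stored = sanitize_for_storage(value)
    for _ in range(rounds):
        stored = sanitize_for_storage(stored)
    return stored


def has_raw_html(stored: str) -> bool:
    """Database-side check: a correctly sanitized value contains no raw markup characters."""
    return any(ch in stored for ch in "<>\"'")


def custom_html_snippet(value: str) -> str:
    """Render the step-2 Custom HTML snippet with the value escaped for the attribute context."""
    return '<p>Custom HTML</p><input type="text" name="sample" value="%s"/>' % html.escape(value, quote=True)
```

Comparing edit_round_trip and naive_round_trip on the same input shows why the value must be unescaped on retrieval rather than stored and re-escaped blindly.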

Download sample app

Download the demo app for Form Input Sanitization:

This guide provides a comprehensive approach to securely handling input in Joget forms, ensuring data integrity and protection from potential threats.

Created by Julieth. Last modified by Aadrian on Dec 13, 2024.