Introduction
This article will discuss the implementation of Input Sanitization in Joget. The purpose of sanitizing text field values is to protect against malicious input that could lead to security vulnerabilities or unintended behavior. In Joget, a sanitization option is available for the following form element within the form:
1. Text Area
2. Text Field
3. Custom HTML
The `Sanitize Input Value?` option will sanitize the input value before storing data in the database. It will also un-escape it again when loading from the data store to prevent double escape.
Step Examples
Step 1
Drag the Text Area, Text Field, and Custom HTML to form
Figure 1: Drag the mentioned form elements
Step 2
Insert the following line into the Custom HTML configuration. It will serve as a sample display of sanitized value.
<br> <p>Custom HTML</p><input type="text" name="sample" value=""/>
Figure 2: Add HTML code
Step 3
In each of the form element advanced options, tick on the "Sanitize Input Value?" to enable sanitization
Figure 3: Enable Input Value Sanitization
Step 4
Create CRUD and test. Input the value of your choice into 3 of the form fields.
Figure 4: Input text
Step 5
Results:
In list, it will show as text as shown in Figure 5
Figure 5: Runtime Result
Press edit on the list row in Figure 5. The sanitized value of Custom HTML can be seen here.
Figure 6: Custom HTML
In the database, the text area & text field value are sanitized as shown in Figure 7.
Figure 7: Database Result
Sample Apps
APP_kb-dx8_formInputSanitization.jwa