• Tutorials
• 1.8 Manual
• 1.7
• 1.6
• 1.5
• 1.4
• 1.3
• 1.2
• 1.1
• 1.0
• 1.9-dev
• API reference

Developer manual

• ^ Jelix components
• ^ jForms: automatic forms
  • jForms file format
  • Creating a jforms file
  • Initializing a form
  • Displaying a form in a template
  • Using a form after a submit
  • Using a form with Xhr
  • display only form values
  • Security in forms
  • Configuring the jforms cache

Jelix 1.9.0-dev

Section: Security in forms

« display only form values

^ jForms: automatic forms

Configuring the jforms cache »

Switch to language: FR

By default, jForms has some security check. HTML Builders of jforms escape content during the display, to avoid some security issues like Cross Site scriptings.

It supports also protection against CSRF. This protection don't allow the submission of the form from an origin other than your application. However, if you want to allow any web sites to submit data to your form, you can disable this protection. To do it, put an attribute allowAnyOrigin="true" on the <form> element. You can also change the securityLevel property on your form object. It can take one of this two value:

• jFormsBase::SECURITY_CSRF to enable the CSRF protection (default value)
• jFormsBase::SECURITY_LOW to disable it