Section: Security in forms
|« display only form values||^ jForms: automatic forms||Configuring the jforms cache »|
By default, jForms has some security check. HTML Builders of jforms escape content during the display, to avoid some security issues like Cross Site scriptings.
It supports also protection against CSRF.
This protection don't allow the submission of the form from an origin other
than your application. However, if you want to allow any web sites to submit
data to your form, you can disable this protection. To do it, put an attribute
allowAnyOrigin="true" on the
<form> element. You can also change
securityLevel property on your form object. It can take one of this
jFormsBase::SECURITY_CSRFto enable the CSRF protection (default value)
jFormsBase::SECURITY_LOWto disable it