Skip to content
Grav 2.0 is officially stable. Read the announcement →
General

Form backend validation

Started by Alexander Kim 8 years ago · 3 replies · 678 views
8 years ago

As i've noticed this form plugin only does clientside HTML5 validation, is there a way to make validation on the backend? Clientside is not secure, because users can modify it.

8 years ago

Where or how did you notice this?

8 years ago

Because inputs allow even <script> to be submitted without validation, if i make validate.required or validate.pattern it adds clientside only validation.

8 years ago

Does the script run or does it get escaped? Have you been able to use this to run some javascript from form input?

You'll have a much better chance to get help if you describe a lot more about what you've found with examples. No-one wants to tease this out of you slowly, especially volunteers trying to help. I am sure this will be taken very seriously with reproducable evidence.

Suggested topics

Topic Participants Replies Views Activity
General · by Hanns Mattes, 3 weeks ago
1 268 3 weeks ago
General · by Andy Miller, 3 weeks ago
0 196 3 weeks ago
General · by Jerry Hunt, 3 weeks ago
2 331 3 weeks ago
General · by pamtbaau, 3 weeks ago
1 253 3 weeks ago
General · by Andy Miller, 3 weeks ago
0 223 3 weeks ago