  • How does Jotform guard against the potential risk of the Javascript codes submitted in text fields?

    Asked by SFa11401z on September 22, 2016 at 09:45 AM

    Hi,

    We have a Jotform Prayer request form that our parishioners use to send in prayer requests. The field where they enter their text is a text area field.

    From tracing it through the browser, it looks like that Jotform receives our text, and processes it with Javascript.

    To me, this raises a security concern, because someone could embed malicious code in the textfield.

    My question is how does Jotform guard against this potential risk? Depending on what is sent, and at what point in time the Javascript runs, it seems to me like there could be risk on our side, as well as Jotform.

    Appreciate your time and help.

    Thanks,

    Dave Crout

  • JotForm Support

    Answered by Chriistian on September 22, 2016 at 12:04 PM

    Hi Dave,

    All form submission data on our server is secure. We have a very powerful cloud of servers in SSAE16 Audited facilities which provides security protection against malicious attacks. You can use an SSL/secure form URL (https://) to accept submissions; the submission data transferred from the browser to our server will also be secure. JotForm supports high-grade 256-bit encryption.

    For additional security on your form, you can also try to enable the Encryption setting of your form. For more information about Encrypted Forms, you can check this article: Encrypted Forms and How to Use Them.

    Do let us know if you need further assistance.
    Regards.

  • Answered by SFa11401z on September 22, 2016 at 12:31 PM

    Great, thank you very much!!!! One thing that still bothers me is if someone embeds malicious code in the body of the text. Even with encryption, the malicious code would still get encrypted and come across to Jotform, and processed by Javascript.

    Thanks for your help!!

    Dave

  • JotForm Support

    Answered by Welvin on September 22, 2016 at 01:59 PM

    We are using the POST method to submit the data to our servers, and textarea entries are saved as text, so I don't think someone can run it on our end. Our security is also embedded in the form, and all submitted data is validated.
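
An added example, not part of the thread and not JotForm's code: one way a form owner who displays submissions on their own page or in an HTML e-mail can treat text area input strictly as text, which is the property the thread is asking about. The function names and the sample submission are constructed for illustration.

```javascript
// Added example: treat a textarea submission as text when building an HTML view.
// escapeHtml, renderSubmission, containsOnlyExpectedTags and the sample are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one submission for an HTML page or notification e-mail.
// Escaping happens first; only then are the line breaks typed into the
// textarea turned into <br>, so the only markup in the output is our own.
function renderSubmission(submission) {
  const name = escapeHtml(submission.name);
  const body = escapeHtml(submission.request).replace(/\r\n|\r|\n/g, '<br>');
  return `<article class="request"><h3>${name}</h3><p>${body}</p></article>`;
}

// Sanity check for a renderer: every tag in the output must be one we emitted.
function containsOnlyExpectedTags(html) {
  const allowed = new Set([
    '<article class="request">', '</article>', '<h3>', '</h3>', '<p>', '</p>', '<br>',
  ]);
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.every((tag) => allowed.has(tag));
}

// Constructed sample: markup typed into the name field and the text area.
const sample = {
  name: 'Visitor "A" <b>',
  request: 'Please pray for my family.\n<script>alert(1)</script>\n<img src=x onerror=alert(1)>',
};

const html = renderSubmission(sample);
console.log(html);
console.log('only expected tags:', containsOnlyExpectedTags(html));
```

In browser code the same effect comes from assigning the submitted value to `textContent` rather than `innerHTML`.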