How does Jotform guard against the potential risk of JavaScript code submitted in text fields?

  • SFa11401z
    Asked on September 22, 2016 at 9:45 AM

    Hi,

    We have a Jotform Prayer request form that our parishioners use to send in prayer requests. The field where they enter their text is a text area field.

    From tracing it through the browser, it looks like Jotform receives our text and processes it with JavaScript.

    To me, this raises a security concern, because someone could embed malicious code in the text field.

    My question is: how does Jotform guard against this potential risk? Depending on what is sent, and at what point in time the JavaScript runs, it seems to me like there could be risk on our side, as well as Jotform.

    Appreciate your time and help.

    Thanks,

    Dave Crout

  • Chriistian Jotform Support
    Replied on September 22, 2016 at 12:04 PM

    Hi Dave,

    All form submission data on our server is secure. We have a very powerful cloud of servers in SSAE16 Audited facilities, which provides security protection against malicious attacks. You can use an SSL/secure form URL (https://) to accept submissions; the submission data transferred from the browser to our server will also be secure. JotForm supports high-grade 256-bit encryption.

    For additional security on your form, you can also try to enable the Encryption setting of your form. For more information about Encrypted Forms, you can check this article: Encrypted Forms and How to Use Them.

    Do let us know if you need further assistance.
    Regards.

  • SFa11401z
    Replied on September 22, 2016 at 12:31 PM

    Great, thank you very much !!!! One thing that still bothers me is if someone embeds malicious code in the body of the text. Even with encryption, the malicious code would still get encrypted and come across to Jotform, and be processed by JavaScript.

    Thanks for your help !!

    Dave

  • Welvin Support Team Lead
    Replied on September 22, 2016 at 1:59 PM

    We are using the POST method to submit the data to our servers, and textarea entries are saved as text, so I don't think someone can run it on our end. Our security is also embedded in the form and all submitted data is validated.
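
Added example (not part of the thread, and not Jotform's code): the concern raised above applies at the point where a saved text-area entry is later displayed in an HTML page or e-mail. The sketch below, with hypothetical function names and constructed sample submissions, renders the same stored text without and with output encoding and lists which tags end up live in each case.

```javascript
// Added example: hypothetical helper names; not Jotform's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, start an entity or close an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: the saved text is concatenated into the page as markup.
function renderUnsafe(submission) {
  return '<div class="request">' + submission.message + '</div>';
}

// Safe: encode first, then map newlines to <br> so the text-area layout survives.
function renderSafe(submission) {
  const body = escapeHtml(submission.message).replace(/\r?\n/g, '<br>');
  return '<div class="request">' + body + '</div>';
}

// List element names that appear as opening tags in `html`
// (a simple regex check for this demo, not a full HTML parser).
function liveTags(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)/gi), (m) => m[1].toLowerCase());
}

// Constructed sample submissions (not real form data).
const samples = [
  { message: 'Please pray for my mother.\nShe has surgery on Friday.' },
  { message: '<script>alert(1)</script>' },
  { message: '<img src=x onerror="alert(1)"> Tom & Jerry' },
];

for (const s of samples) {
  console.log('unsafe tags:', liveTags(renderUnsafe(s)).join(','),
              '| safe tags:', liveTags(renderSafe(s)).join(','));
}
```

Storing the entry as plain text keeps it inert in the database; whether it stays inert depends on every view or notification template encoding it like `renderSafe` does.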