You are viewing limited content. For full access, please sign in.

Question

Question

How does 'backend-readonly' attribute work?

Forms Version 10 Web Customizations
Updated September 27, 2018
asked on September 21, 2018

I am having an issue where I can go into Forms and inspect the element of a readonly field such as:

 

From there I can remove the readonly attribute and it makes the field editable.

 

I noticed that on some forms here made by others, there is an attribute named “backend-readonly”. I have done my homework, but nobody can inform me about this.

On these forms I cannot edit the text content if I remove all the readonly attributes (readonly & backend-readonly). I could add the 'backend-readonly' attribute on my form, but it makes no difference. Also, ‘Backend Valdition’ is turned off on these forms.

 

Any idea where this ‘backend-readonly’ attribute came from and how it works?

 

Thanks,

 

Chris Cartrett

0 0

Replies

replied on September 25, 2018

These are risks you run with any browser based form.  A Google search will find you some code samples to make it harder to get in to the inspector (like stopping right-clicks or F12) but it won't stop a tenacious and saavy user.

Have you had issues with people doing tweaks like that to get around your form structure?

1 0
View 1 previous reply
replied on September 25, 2018

I was thinking it had to be normal due to the lack of responses here, lol. Thanks for the clarification!

I have been using the html edits while in development to test lookups and such. We have not had any issues (knock on wood) that I am aware of. I just like to be proactive and I am kinda new-ish to the web development field. 

Thanks again :)

0 0
replied on September 25, 2018

I totally get it.  In most development environments, you would protect from it by doing all your validations and calculations server-side.  But since we're piggy-backing on the structure built by forms - it does mean we end up relying a little more on front-end functionality, especially for customization.

I've never tried it, but perhaps you could add Javascript that monitors for changes and either reinstates the removed functionality or prevents form submission.

1 0
replied on September 27, 2018

FYI,

I had my VAR submit a support call to Laserfiche for verification. They agree with everything Matt has said. They also stated that even if the html is modified the modified value will not get saved. I have found that if the read-only attribute is applied using javaScript , that the modified value is saved. Not only that, but if that field kicks off a lookup, all of those values are saved. I am assuming that Laserfiche meant to say that when the read-only value is assigned in the Forms Layout tab, then the modified value is not saved. If anyone could confirm that, that would be great. 

Thanks

0 0
replied on September 27, 2018

Yes, that is correct.

1 0
replied on September 25, 2018

From what I can tell, the backend-readonly attribute is present whenever a field has a lookup. That still begs the question, can any user simply right click and remove the read-only attribute and then edit a field? Is there a way to secure the fields?

0 0
replied on September 27, 2018

FYI, my VAR submitted a support call to Laserfiche and they agreed completely with Matt above. Additionally, they stated that if the html is modified that value will not get saved. I have seen that even though the value is not saved (I have not confirmed this yet), if that field kicks off a lookup, those values are saved as variables. Has anyone else seen this?

You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...