You are viewing limited content. For full access, please sign in.

Question

Question

LFF9312-ErrorOccuredDuringFormsValidation

asked on July 9, 2019

We are implementing a fairly complicated form which has a number of required fields that are hidden under some circumstances. If everything is completed correctly, the form submits just fine. If a required field is missed and submitted, it errors back to complete the required field but then throws up errors on a hidden field when we try to resubmit.

I see from looking through answers that there is a fix for this is in 10.3.1, however, we are not getting that update until after our network server is upgraded, which will be after our scheduled go live of this form. 

I also see that a work around is to disable the backend validation. I did so and have tested fairly thoroughly and that seems to work, but my question is .. what potential ramifications might we encounter if we go live with the backend validation disabled? Should I be concerned about going live with this form without that validation? Also, am I understanding correctly that this issue should be resolved when we upgrade to 10.3.1?

Thanks for your help!

0 0

Answer

SELECTED ANSWER
replied on July 10, 2019

Backend validation re-checks all the form inputs to ensure they still comply with the validation rules after the form is submitted. For instance, if you have a number field that is restricted to a value from 1 to 10, we make sure on the front end that the form cannot be submitted if the value entered is 50. However, it is possible for a powerful user to change the front end code on the browser and remove this 1 to 10 restriction on the field. They could then enter any value and allow the form to submit. With backend validation, we would recheck the value against the 1 to 10 and reject the submission. Without backend validation, it is possible that a form field could be submitted that doesn't conform to the validation rules. 

If this form is an internal form, this form would be considered relatively safe as long as no internal employee turns out to be a malicious user. I would also consider the severity of what would happen IF some of the required fields were not filled out or some of the validation was not met. You could also use a gateway in the process to check that all required fields are properly filled in, and if not, send a user task back to the initiator to correct the form. If the form is public facing, I would be more cautious about turning off backend validation. 

As for the fix to this issue, we did fix a few bugs relating to what you are describing. It looks like we fixed a bug where columns in tables were not getting properly ignored when the table was hidden and fixed a bug relating to required list fields and blank values. Without knowing more details about the specific required hidden fields, I can't say for sure whether it will be fixed, but if you open a support case, we can ask support to try to reproduce the issue on the latest 10.3.1 update to verify for sure. 

0 0
replied on July 11, 2019

Ok, thank you. That is consistent with my testing (the number formats). I don't think we will have anyone entering anything maliciously. I think we'll just go forward with the go live and then the upgrade and see where we land.  Thanks for your help! 

0 0

Replies

You are not allowed to reply in this post.
You are not allowed to follow up in this post.

Sign in to reply to this post.