Prevent XSS Attack
When using Hash Variable that uses URL parameter or user-inputted value in your custom JS scripts, ensure that these hash variable(s) are escaped!
Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.
Use ?javascript hash variable escape. Example:
#requestParam.id?javascript#
Introduction
Custom HTML in Form Builder can be used to achieve advanced form design.
Get Started
The easiest way to see how the Custom HTML works is to use the existing built-in App Expenses Claims. Here are the steps:
Steps | Screens (Click to view) |
---|---|
|
Figure 1
Figure 2 Figure 3 |
Custom HTML Properties
Edit Custom HTML
Name | Description | Screen (Click to view) |
---|---|---|
ID | Element ID (By declaring as "html", a corresponding database table column "c_html" will be created) Making it Hidden You can name the ID as "hidden" and the content will be hidden away in the runtime/actual userview. | |
Custom HTML | Custom HTML in Form Builder can be used to achieve advanced form design by putting in any valid -
|
Advanced Options
Name | Description | Screen (Click to view) |
---|---|---|
Label | Element Label to be displayed to the end-user. | |
Auto populate saved value? | Toggle to the auto-populate saved value. The <input> Element Any <input> element in the custom HTML will be automatically retrieved so long as the name attribute is the same as the database table column Does not support the following input types: file, button, submit, reset & image |
Attachments:







