Expand my Community achievements bar.

SOLVED

How to hide source code in the HTML5 form that is rendered from XDP form?

Avatar

Level 5

Hello Everyone,

 

Currently I have an XPD template form that is uploaded in AEM 6.5, and a piece of code converts this form and renders it as HTML5 form. In the browser when I access this HTML form, I  can view the source code and its scripts by right clicking the mouse and selecting the 'View page source'. Is there a way to hide the source code and still allow the scripts in the form to work correctly?

Is there any script that can be added to the XDP template/form or is there any setting in AEM 6.5 or in the Designer 6.5 that can be used to hide the source code in the HTML form?

 

Is there a concept like minification associated with JS and CSS that can be applied in AEM 6.5?

 

Is there any filter that can be applied in the dispatcher.any or any other configuration file or setting to hide the source code? I understand that the changes done here will affect all the forms and not specific ones. 

 

Thanks,

Leena

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi @aemuser001 ,

no, the "source code" you are referring to is the active part which make the form work in the browser.These forms are not processed by the dispatcher, they render inside the browser.

You can try to move critical scripts to server (in script event you have the option to run script Client, Server or both). But that is not a general solution and depends on the use case and sequence of events. 

Kosta

View solution in original post

8 Replies

Avatar

Correct answer by
Employee

Hi @aemuser001 ,

no, the "source code" you are referring to is the active part which make the form work in the browser.These forms are not processed by the dispatcher, they render inside the browser.

You can try to move critical scripts to server (in script event you have the option to run script Client, Server or both). But that is not a general solution and depends on the use case and sequence of events. 

Kosta

Avatar

Level 5

Hi Kosta,

 

Thank you for this very useful response.

 

I like to do two tasks:

1. In the browser I like to perform Input Form Validation before the End-User submits the form to the server.

2. Run formulas and scripts that need to be secure and not be visible to the outsider.

 

The AEM Designer 6.5 is used here. When opening the XDP form and viewing the Form Properties | Defaults there are 2 options for Default Language and 3 options for Default Run At.

 

    1. Default Language: JavaScript
      • Default Run At:  Client or Server or Client and Server
    2. Default Language: FormCalc
      • Default Run At: Client or Server or Client and Server

 

I. What combination of options is recommended when validating the fields at the client-side (e.g phone format, Number format etc.,) ? For each field in the form there is the ‘Patterns…’ window that is used for field validation. My understanding is that this is used for the client-side form input validation. Does this need to be used in combination of Default Language: JavaScript and Default Run At: Client?

 

II. What combination of options is recommended when running scripts and formulas?

 

III. What combination of options is recommended when using both form validation and executing scripts and formulas?

 

Thanks in advance for the response.

Leena

Avatar

Employee

Hi Leena,

I had a closer look and found out that the HTML form is always transferring the whole XFA scripting, no matter what the point of execution. I guess the only way to hide functionality is to run the secret logic as part of a prefill data orchestration and possibly invoke orchestrations via SOAP Dataconnection when running JEE stack or custom services in the OSGi variant of Forms.

I learned something about HTML forms I did not realize before...

Kosta

Avatar

Level 5

Hi Kosta,

 

Thanks for the confirmation. Greatly appreciate the responses.

 

Thanks,

Leena

Avatar

Employee Advisor

@aemuser001  No this is not possible if you inject another script to hide the source somehow then you will end up breaking the form functionality.

 

Avatar

Level 5

Good Morning Mayank,

 

Thank you for the confirmation. Will Adobe in the future implementation a feature/function/script to hide the HTML source code when rendering the XDP template as HTML5 form?

 

Thanks,

Leena