AIEDAM - ZAPSupport-Tutorials

Tutorials Support > Tutorials > MoreAboutForms

Recently ZAP introduced a new markup which allows you to submit fields and values to ZAP without using hidden input fields. Here's how it works. Suppose you had this ZAP form in your wiki:

(:messages:)
(:zapform:)
(:input hidden emailsubject "Email from my website":)
(:input hidden email "email@example.com":)
SEND ME A MESSAGE:
||Your Email: ||(:input text emailfrom size=40:)
||Subject: ||(:input text emailsubject size=40:)
||Message: ||(:input textarea emailbody cols=34 rows=6:)
|| ||(:input submit value="Send Message":)
(:zapend:)

If someone were to look at the html output of this form, they would be able to see your email subject, and worse--your email address. This information could be hidden using ZAP's input markup:

(:messages:)
(:zapform:)
(:zap emailsubject="Email from my website":)
(:zap email="myemail@example.com":)
SEND ME A MESSAGE:
||Your Email: ||(:input text emailfrom size=40:)
||Subject: ||(:input text emailsubject size=40:)
||Message: ||(:input textarea emailbody cols=34 rows=6:)
|| ||(:input submit value="Send Message":)
(:zapend:)

The only difference is that the emailsubject and email fields have been changed to (:zap field="value":) markups. If you look at the html output however, there is no trace of either. Instead both are stored as SESSION variables, and retrieved again when the form is submitted.

This provides extra security in another way as well. Using session variables makes it more difficult for hackers to forge a form submission, as they cannot be overwritten by POST values. In fact, as an extra security feature, all extension commands, and some core commands can ONLY be triggered using this markup.

Multiple Forms
There may be times you have more than one ZAP form on a page. This includes forms in groupheaders/groupfooters. If so, each form should be given a unique form key. Taking the example above, let's assign the key "ContactForm":

(:messages:)
(:zapform key=ContactForm:)
(:zap emailsubject="Email from my website" ContactForm:)
(:zap email="myemail@example.com" ContactForm:)
SEND ME A MESSAGE:
||Your Email: ||(:input text emailfrom size=40:)
||Subject: ||(:input text emailsubject size=40:)
||Message: ||(:input textarea emailbody cols=34 rows=6:)
|| ||(:input submit value="Send Message":)
(:zapend:)

Make sure you include the form key with each (:zap:) markup, so ZAP knows which form to assign that field and value too. Do not include it in any normal input fields.

Click here for the next step in this tutorial: Commands...

Member Login >>lnav<< Home About ? People ? Research ? Teaching ? >><< >>rnav<< Edit History Recent Changes Submit Paper \| Submit Paper \| Submit Review \| Email to Editor \| Mailing List \| Print \| Sign Up \| Login
About ? What's New Editorials Purpose Editorial Board Editor Associate Editors Board Members At Cambridge Press Papers First View Latest Issue Back Issues Papers First View Latest Issue Back Issues Special Issues Call for Papers Past Issues For Guest Editors Editing Tools For Authors Aims and Scope Policy Manuscript Prep Author's Checklist Copyright Form Submit Paper For Reviewers Reviewer's Guide Submit Review Community Join AIEDAM Related Links Send Inquiries & Comments to: ac123@cpdm.iisc.ernet.in Copyright � 2017 Cambridge University Press	>>pagegroup<< ZAPSupport-Tutorials More About Forms Tutorials Support > Tutorials > MoreAboutForms Recently ZAP introduced a new markup which allows you to submit fields and values to ZAP without using hidden input fields. Here's how it works. Suppose you had this ZAP form in your wiki: (:messages:) (:zapform:) (:input hidden emailsubject "Email from my website":) (:input hidden email "email@example.com":) SEND ME A MESSAGE: \|\|Your Email: \|\|(:input text emailfrom size=40:) \|\|Subject: \|\|(:input text emailsubject size=40:) \|\|Message: \|\|(:input textarea emailbody cols=34 rows=6:) \|\| \|\|(:input submit value="Send Message":) (:zapend:) If someone were to look at the html output of this form, they would be able to see your email subject, and worse--your email address. This information could be hidden using ZAP's input markup: (:messages:) (:zapform:) (:zap emailsubject="Email from my website":) (:zap email="myemail@example.com":) SEND ME A MESSAGE: \|\|Your Email: \|\|(:input text emailfrom size=40:) \|\|Subject: \|\|(:input text emailsubject size=40:) \|\|Message: \|\|(:input textarea emailbody cols=34 rows=6:) \|\| \|\|(:input submit value="Send Message":) (:zapend:) The only difference is that the emailsubject and email fields have been changed to (:zap field="value":) markups. If you look at the html output however, there is no trace of either. Instead both are stored as SESSION variables, and retrieved again when the form is submitted. This provides extra security in another way as well. Using session variables makes it more difficult for hackers to forge a form submission, as they cannot be overwritten by POST values. In fact, as an extra security feature, all extension commands, and some core commands can ONLY be triggered using this markup. Multiple Forms There may be times you have more than one ZAP form on a page. This includes forms in groupheaders/groupfooters. If so, each form should be given a unique form key. Taking the example above, let's assign the key "ContactForm": (:messages:) (:zapform key=ContactForm:) (:zap emailsubject="Email from my website" ContactForm:) (:zap email="myemail@example.com" ContactForm:) SEND ME A MESSAGE: \|\|Your Email: \|\|(:input text emailfrom size=40:) \|\|Subject: \|\|(:input text emailsubject size=40:) \|\|Message: \|\|(:input textarea emailbody cols=34 rows=6:) \|\| \|\|(:input submit value="Send Message":) (:zapend:) Make sure you include the form key with each (:zap:) markup, so ZAP knows which form to assign that field and value too. Do not include it in any normal input fields. Click here for the next step in this tutorial: Commands... . Page History Source Attach File Backlinks List Group Last modified on April 13, 2007, at 09:45 PM
config

More About Forms