Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.I need to conditionally set a hidden field using a token. This hidden value needs to be used to send email to.
Everything works fine except the fact that the email address is in the form code as a hidden field. This I would like to prevent.
So I hacked the hidden component to allow selecting the field type, hidden or value.
http://api.drupal.org/api/drupal/developer--topics--forms_api_reference....
I think this could be very useful for any data that might be considered sensitive but still needs to be stored as part of the webform submission.
I tried to create a patch but for some reason my WinMerge is not working correctly, I think its an encoding issue. I have attached my hidden.inc file.
| Comment | File | Size | Author |
|---|---|---|---|
| hidden.inc_.txt | 5.32 KB | NaX |
Comments
Comment #1
vernond CreditAttribution: vernond commentedNice idea NaX. Might be better to rework it as a new custom component as opposed to hacking the standard Webform component though. I think we need to get young quicksketch to invite us all around for a soda and pizza to discus the possibility of a custom components library for folks to contribute to :-)
Comment #2
NaX CreditAttribution: NaX commentedI thought about creating a new component but then I thought it would be confusing to users to have 2 components that do the same thing, the only difference is the technical mechanics. The other thing I thought of was to write a custom module that alters all the hidden components form element to be a value field.
I actually don't see the point of the hidden field component when the Drupal FAPI provides the form value element. Can anybody think of a situation where a hidden field would be better than a value field or something that cant be done with a value field and would have to be a hidden field. To none technical users hidden means to hide from display, they don't care how it is hidden so why not default to the most secure option.
Just my 2 cents.
Comment #3
quicksketch@Nax: This issue should be marked duplicate, rolled as a patch, and submitted to #630476: Allow hidden fields to handle unsafe tokens by making the "value" type fields, which is for the same thing.
Comment #4
quicksketch