Products
Contact Support Additional Learning Monthly Product Updates
Menu

Forsta Professional Authoring Support

All the topics, resources needed for Forsta Professional Authoring.

Validation and XSS

  • Last updated:

Articles in this section

In this article

      Use the Validation & XSS tab options to specify the checks that are to be made on the respondents’ answers before they are allowed to move on to the next question - .

    You can also add "global" validation code which will be executed for every question in the survey. The code specified here will be executed when each question in the survey is submitted, so the code should be as efficient as possible. The code will be executed before any custom question validation that may be defined. The CurrentForm() function can be used to provide the question ID of the current question, and the getType() method can be used to filter the question types and specify which types the code is executed on.

    Figure 1 - The Survey Settings > Validation & XSS tab options

    The Validation and XSS Tab Properties

    The Default Validations options allow you to define the checks that are to be performed on the answers given on a page before the respondent is allowed to proceed to the next page.

    The XSS settings safe-guard Authoring against cross-site scripting (XSS). Cross-site scripting refers to when users are inserting scripts in user input fields (for example an open text question in a Survey) that could potentially be executed elsewhere in an application. Note that Authoring does not enable such scripts to execute anywhere inside the application. However, as some users wish to use, for example, HTML code in response piping when presenting input to respondents in surveys, users may choose to enable it in interviews.

    Answer Required Checks

    The generator produces code that ensures that the respondent answers a question unless it has the “Not required” property set. This option applies to all Open, Single and Grid questions, and Multi questions with an exclusive answer alternative defined as single punch.

    Exclusivity Tests

    The generator produces code that ensures that the respondent cannot select an "exclusive" answer alternative in a Multi question in addition to other answer alternatives in the list. For browsers not supporting “Advanced WI features” or that have JavaScript disabled, an error message is provided if an exclusive element is chosen in combination with other responses.

    Other-Specify Testing

    The generator produces code that confirms the consistency of user input, i.e. that the respondent both checks off for "Other" and writes in the text box.

    Rank Order Tests

    The generator produces code that ensures that the inputs in Multi Ranked questions and Grid questions are unique for each alternative in the list, and consecutive. The questions must be marked as Ranked in the questions' Properties sheet (go to Question Properties Overview for more information).

    HTML Encode Output of Piping Expressions

    Check this box to encode expressions in response piping so the code is not executed.

    Note: A site-wide setting is available, called HTMLEncoding, which can be set by the system administrator. This setting, when selected, overrides the HTML Encode Output... checkbox setting and will cause piping expressions to be encoded irrespective of the HTML Encode Output... checkbox setting.

    Require all Open Text Input to be XSS Safe

    The generator validates the input from the respondents and will not accept input containing < and >.

    Was this article helpful?
    0 out of 0 found this helpful
    Return to top