OpenWGA 7.10 - WebTML reference
WebTML tags » form<tml:form htmlinput ="true | false | ignore">
Purpose:
Specifies if a WebTML form should accept a normal HTML input field.
Description:
When WebTML forms are posted to the OpenWGA server they may potentially contain fields that were not defined as WebTML inputs for the original WebTML form. There may be different causes for this. One cause is that the designer defined plain HTML inputs inside the WebTML form which would be ok. But another cause might be that this is some kind of security attack where the poster has injected those fields to the post to influence the behaviour of the server process.
Because of this OpenWGA normally ignores fields that were not defined as WebTML inputs. Using this attribute however you may enable treatment of normal HTML inputs by setting it to "true". In that case the values of those inputs are treated like normal WebTML inputs of type "text". You should ensure in that case that there is no way to harm your process or data by injecting custom fields.
Value(s):
true: HTML input fields are accepted
false: HTML input fields are not accepted. A WebTML warning is issued if a WebTML form contained such fields.
false: HTML input fields are not accepted. A WebTML warning is issued if a WebTML form contained such fields.
ignore: Like false but will also suppress the WebTML warning. Use this if you know that your form has HTML inputs which should be silently ignored.
Default value:
false