Assign for form_for (put custom params, from template to controller)

Hello,

I have a simple form:

<%= form_for @conn, Routes.register(@conn, :register), [as: :register], fn f -> %>
  <%= text_input f, :login %>
  <%= text_input f, :password %>
  <%= submit "SEND" %>
<% end %>

I need to put something into the params and read that value from the controller, but it must not be visible/editable by the user.
I know I can use a hidden input, but it can still be edited by the user (with the browser's inspect element).

I have no idea how I can do this.

Can you elaborate on your use case? In general the user can edit anything, there’s nothing you can do to prevent that.

You can try to detect if they’ve edited something by placing a signed value in the form. Alternatively it may be easier to just put something in the user’s session which is encrypted by Phoenix and can’t be edited by the user.

2 Likes
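
The signed-value approach suggested above could look like this, as an added example that is not part of the original posts. The module name `SignedField`, the salt, the `plan_token` field and the key are hypothetical, and it assumes a project that has Phoenix as a dependency.

```elixir
defmodule SignedField do
  # Hypothetical helper: wraps Phoenix.Token for one hidden form field.
  @salt "register form"   # assumed salt; any fixed string, kept per purpose
  @max_age 15 * 60        # seconds a rendered form stays acceptable

  # `context` is the conn or endpoint module inside the app.
  # A secret_key_base string also works, which the demo below relies on.
  def sign(context, value), do: Phoenix.Token.sign(context, @salt, value)

  # Returns {:ok, value} or {:error, reason}; never trust the field otherwise.
  def verify(context, token) when is_binary(token) do
    Phoenix.Token.verify(context, @salt, token, max_age: @max_age)
  end

  # A missing field or a nested map sent in its place is rejected outright.
  def verify(_context, _other), do: {:error, :missing}
end

# In the template (sketch):
#   <%= hidden_input f, :plan_token, value: SignedField.sign(@conn, "trial") %>
# In the controller (sketch):
#   case SignedField.verify(conn, params["register"]["plan_token"]) do
#     {:ok, plan} -> ...            # value is exactly what the server rendered
#     {:error, _reason} -> ...      # edited, expired or absent: reject the request
#   end

# Demo with a constructed key; a real app passes the conn or endpoint instead.
key_base = String.duplicate("k", 64)

token = SignedField.sign(key_base, "trial")
{:ok, "trial"} = SignedField.verify(key_base, token)

# A token built without the server's secret fails verification.
forged = SignedField.sign(String.duplicate("x", 64), "admin")
{:error, :invalid} = SignedField.verify(key_base, forged)

# An absent field is reported as missing.
{:error, :missing} = SignedField.verify(key_base, nil)
```

`Phoenix.Token.sign/4` makes edits detectable but does not hide the value: the payload is only encoded, so anything that must stay unreadable belongs on the server side or in an encrypted token (`Phoenix.Token.encrypt/4`).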

Hi,

Welcome to the forum.

Are you trying to secure your application from user attacks?

E.g. XSS, sanitizing data, etc.?

Thanks, I used the session plug to store the secret data.