Are embedded querystring values safe? (are all form fields safe?)

  • Hi,

    When using a Contact Form 7 form, do I have to worry that the data input in any of the fields could cause a problem with the application? I don’t mean what happens if I take and use the data elsewhere, but on the application itself.
    For instance, if the only thing done with the input fields is display them on the email that is generated, is there any concern?
    And to take that a step further, if I am using a querystring to pass in data and capture it in the form like this
    [text* your-name default:get]

    and include that in the email, is there any concern?
    I know its important to sanitize querystring values in many cases. I just didn’t know if this is a case where it is either already handled or is just not necessary.

    Thank you

  • You must be logged in to reply to this topic.