New Response

You are replying to:

  1. You could store a list of valid fields in a control or profile document and use them to tell you if a field is valid for this transaction. Get a list of fields from the DocumentContext doc and compare each field to your list of valid fields for this web form. If the field is not valid, then you could delete the field from DocumentContext or quarantine the document for review. You would need to remember to not delete the extra field used by Domino for check boxes and radio buttons.

    You can also use Matt Holthe's method of getting the "realdocument" and verify that the current status is correct for this transaction. You could check the source document to see if the web page can change the status from "Awaiting Payment" to "Paid".

    The first method prevents the web user from submitting fields they shouldn't have access to and the second method checks the validity of the contents of the field for the type of transaction.

    Also, especially for a shopping cart application, fields should never be stored on the web form. They should only reside in the database. This prevents a user from changing an order of one item at 10.99 to 100 items at 10.99.

    BTW, in IE you can change input fields, hidden or otherwise, using the javascript: URL command or the Mouseover DOM Inspector.
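The two checks described in the comment above (a field allow-list, then a status check against the stored document), as an added example that is not part of the original comment and is not Domino agent code: it models the submitted fields and the stored document as plain Python dicts. The field names, the allowed transition table and the `%%Surrogate_` prefix for the check box and radio button helper fields are assumptions made for illustration.

```python
# Added example: server-side validation of a submitted web form, modelled on dicts.
# ALLOWED_FIELDS stands in for the list kept in a control/profile document (constructed).
ALLOWED_FIELDS = {"customername", "itemcode", "quantity", "status"}
# Assumption: helper fields for check boxes / radio buttons carry this prefix and must be kept.
SURROGATE_PREFIX = "%%surrogate_"
# Status changes the web form itself may make (constructed).
# "Awaiting Payment" -> "Paid" is deliberately absent: only a back-end process may set it.
WEB_TRANSITIONS = {("New", "Awaiting Payment")}


def normalise(fields):
    """Fold field names to lower case (assumption: names compare case-insensitively)."""
    return {name.lower(): value for name, value in fields.items()}


def filter_fields(submitted):
    """Method 1: split submitted fields into allow-listed ones and unexpected ones."""
    kept, rejected = {}, []
    for name, value in normalise(submitted).items():
        if name in ALLOWED_FIELDS or name.startswith(SURROGATE_PREFIX):
            kept[name] = value
        else:
            rejected.append(name)
    return kept, sorted(rejected)


def status_change_allowed(stored, kept):
    """Method 2: compare the submitted status with the document already in the database."""
    old = normalise(stored).get("status")
    new = kept.get("status", old)  # no status submitted means no change
    return new == old or (old, new) in WEB_TRANSITIONS


def validate(stored, submitted):
    """Return (decision, offending field names) for one form submission."""
    kept, rejected = filter_fields(submitted)
    if rejected:
        return "quarantine", rejected  # unexpected fields: hold the document for review
    if not status_change_allowed(stored, kept):
        return "reject", ["status"]
    return "accept", []
```
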
