function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Anthony PicaAnthony Pica 

Required Form field exposes sensitive information even when hidden

I have a Form on a page that is linked with the Lead object. Our Lead object has the Owner ID picklist field as a required field, so is requiring that it be included on the page. We don't want the ownerid field shown to customers, so what we can do is simply check "Hidden" in the Properties panel and give it a pre-determined value. This hides the field from the web page and still allows the data to be passed into Salesforce. The problem is that the field is still visible within the source code along with all the options of the picklist. The options include every user in our org - that's not really something we want exposed.


If we could have control over the type of HTML element that was rendered, we could make this field render as a standard HTML <input> field instead of a <select> picklist, and give it a default value. But doesn't give us that option; it has to be rendered as a <select> picklist.


I know I could just write a custom code block, but I wanted to take advantage of's drag and drop functionality.


Any ideas?

Anthony PicaAnthony Pica

I went ahead and used a custom code block to create the form. I generated a web-to-lead form, took the input fields and wrote new HTML/CSS. I didn't include the owner_id as a hidden field and it still accepted the data.





I agree it's not a good idea to be exposing the owner id. I will bring this issue up to the team and see if we can prioritize a way to address this.

Anthony PicaAnthony Pica

Addison, were you able to make any progress with this?


Yup, this bug should be fixed when Winter '13 rolls out.