Overview
State validation enhances form security by ensuring submitted field values have not been altered client-side. When a form is displayed, a state is generated based on the configuration and allowed values of supported fields.
Upon submission, Gravity Forms validates the submitted values against the stored state. If the submitted value does not match the original configuration, the submission is rejected. State validation is bypassed when dynamic population is enabled for a field.
How It Works
- Form Display
Gravity Forms generates a state object containing valid values for supported fields. - Form Submission
During field validation, each submitted value is compared against its stored state to confirm it hasn’t been modified client-side. - Validation Result
Matching values → field passes validation.
Modified or unexpected values → field fails validation.
Supported Fields
The following field types support state validation:
| Field Group | Supported Fields | Supported Types |
|---|---|---|
| Standard Fields | Checkboxes, Consent, Image Choice, Multiple Choice, Radio Buttons, Drop Down | – |
| Product Fields | Product | Single Product, Drop Down, Radio Buttons, Hidden |
| Product Fields | Option | Checkboxes, Drop Down, Radio Buttons |
| Product Fields | Quantity | Drop Down |
| Product Fields | Shipping | Drop Down, Radio Buttons |
| Product Fields | Total | – |
| Post Fields | Post Category | Checkboxes, Radio Buttons, Drop Down |
| Post Fields | Post Custom Field | Checkboxes, Radio Buttons, Drop Down |
| Post Fields | Post Tags | Checkboxes, Radio Buttons, Drop Down |
| Add-On Fields | Any Add-On field extending Checkboxes, Radio Buttons, or Drop Down | Same as extended field type |