From the https://www.typeform.com/help/a/using-hidden-fields-360052676612/
I understand that ‘hidden fields’ are just placeholders to parse and save the Query Parameters.
(I wish they were referred as ‘URL Query fields’! A hidden field is technically a field that would be in the html content but not be rendered on the UI)
Requirement: Decrypt a query parameter value
Business Justification: We pass sensitive information such as ClientID, first name and last name (say). While each member would get the url specifically crafted for him/her, it’s easy for the member to tamper the url and fill our the survey for another member.
Example:
https://tutorials.typeform.com/to/abc#clientinfo=asfoillwil23laisd
A hidden field 'clientinfo' would hold the value 'asfoillwil23laisd'
Now, I want to be able to decrypt the value into discrete user defined fields such
client_id=423232
first_name=John
last_name=Smith
All I need is decrypt and substring functions built into TypeForm
clientinfo_decrypted=Decrypt(client_id, decrypt key, base) # let's say returns -> 23232_John_Smith
client_id=substring(clientinfo_decrypted,0,indexof(clientinfo_decrypted,'_')) # Get the string before the first underscore→ returns 23232
first_name=substring to get the text between the first pair of underscores → returns John
last_name=substring to get the text after the 2nd underscore → return Smith
The ability to decrypt query parameter values and extract subtext from it will enable survey url to be more secure. Write now, the URLs are plain text and hackable.
Users can still edit the url with encrypted values, however, the decryption would not find any meaningful output. Plus, the decryption can always validate one of the fields to make sure that the query parameter values were not tampered.