JHtmlForm Joomla Class

: Category: Joomla API; Published: 01 August 2019; Last Updated: 09 October 2019

The JHtmlForm is a utility class for form elements. It has two methods: token and csrf.

1. token()

It displays a hidden token field to reduce the risk of CSRF exploits. This method is used in conjunction with JSession::checkToken().

array $attribs - Input element attributes
return - string A hidden input field with a token

public static function token(array $attribs = array())
 {
 $attributes = '';

if ($attribs !== array())
 {
 $attributes .= ' ' . ArrayHelper::toString($attribs);
 }

return '<input type="hidden" name="' . JSession::getFormToken() . '" value="1"' . $attributes . ' />';
 }

2. csrf()

It adds CSRF form token to Joomla script options that developers can get it by Javascript.

string $name - The script option key name.
return - void

public static function csrf($name = 'csrf.token')
 {
 if (isset(static::$loaded[__METHOD__][$name]))
 {
 return;
 }

/** @var JDocumentHtml $doc */
 $doc = JFactory::getDocument();

if (!$doc instanceof JDocumentHtml || $doc->getType() !== 'html')
 {
 return;
 }

$doc->addScriptOptions($name, JSession::getFormToken());

static::$loaded[__METHOD__][$name] = true;
 }