HTMLInput

Hidden Input Generator

Create <input type="hidden"> elements to pass non‑visual data in forms.

Hidden input example

Input configuration

Preview & code

Hidden inputs are not visible in the preview by design.

HTML hidden input: reliable metadata for forms

The HTML <input type="hidden"> transports non‑visual data with a form submission—things like CSRF tokens, return URLs, product IDs, or feature flags. Hidden fields aren’t shown in the UI, but they are easy to inspect and modify by anyone. Treat them as convenient carriers, not as a security boundary, and always validate on the server.

When hidden fields are useful

  • Preserving context across steps (e.g., the current cart or redirect target).
  • Attaching identifiers that the server can look up (e.g., item IDs).
  • Carrying CSRF tokens or nonces generated server‑side.

Security reminders

Never put secrets in hidden fields. Users can change values using dev tools or by crafting requests. Treat each value as untrusted input: verify permissions, compare against server records, and log anomalies.

Validation & integrity

  • Generate tokens server‑side and bind them to a session or time window.
  • Reject unexpected IDs or mismatched signatures.
  • Prefer POST for sensitive actions; avoid exposing values in URLs.

Copy‑ready patterns

  • CSRF token: server‑generated value validated on submit.
  • Tracking param: pass a campaign code without showing it in the UI.
  • Return URL: include a server‑validated path to redirect after success.

Hidden inputs keep forms simple by moving context along with the user. Validate every value server‑side and store only what you need—your forms will stay lean and dependable.