Google Forms revealed
Google Document is great for many things and the GD Forms is a very easy way to request feedback from your users, be it per email or embedded into a web page.
Forms however, lack the capacity to be customized - i.e. except for those fixed styles - so it can sometimes be hard to actually embed in into a web page, without breaking your style.
Then I discovered Gill Smith's (and Ahab's) excellent page which showed some URL parameter options to customize the forms a bit, but when I went through the list I found that most of them were not working. They also didn't provide a fix to remove the footer and change the padding, so I knew I had to try to digg it out myself.
I used a Rebol script (thanks HMK!) to probe the the options, and after 180000 page requests, I finally had a complete list of parameters that actually did something to the forms.
And more importantly, I had also discovered how to do the things I needed!
In order to share this with others I've created an interactive test page:
To the left in this picture, you can see all the options that are currently known to work, and a space is provided where you can insert the css you would like to inject. Once you press the submit button, the specified Form page will be loaded on the right, so you can immediately see your result. Once you are satisfied, copy the generated URL from the lower part of the page and insert it where-ever you want to use your form.
With this you can do the following to a Google Docs Form page:
Please ask questions - and come with good ideas for usage - in the comment thread on this page.
--
Fsteff
Forms however, lack the capacity to be customized - i.e. except for those fixed styles - so it can sometimes be hard to actually embed in into a web page, without breaking your style.
Then I discovered Gill Smith's (and Ahab's) excellent page which showed some URL parameter options to customize the forms a bit, but when I went through the list I found that most of them were not working. They also didn't provide a fix to remove the footer and change the padding, so I knew I had to try to digg it out myself.
I used a Rebol script (thanks HMK!) to probe the the options, and after 180000 page requests, I finally had a complete list of parameters that actually did something to the forms.
And more importantly, I had also discovered how to do the things I needed!
In order to share this with others I've created an interactive test page:
To the left in this picture, you can see all the options that are currently known to work, and a space is provided where you can insert the css you would like to inject. Once you press the submit button, the specified Form page will be loaded on the right, so you can immediately see your result. Once you are satisfied, copy the generated URL from the lower part of the page and insert it where-ever you want to use your form.
With this you can do the following to a Google Docs Form page:
- Remove the Footer.
- Change font-size globally and per section.
- Add padding and spacing whenever you need it.
- Many other things...
Please ask questions - and come with good ideas for usage - in the comment thread on this page.
--
Fsteff
Labels: Forms, Google Docs
Good stuff - what on earth do you think the tfe is supposed to do? Test format something?
It's like the "pli=0" on my form that neither ahab nor I can figure out - at least that seems to do nothing even when set wrong!
Posted by
Gill |
November 12, 2009 3:25 PM
This post has been removed by the author.
Posted by
fsteff |
November 12, 2009 7:06 PM
Gill, Great to hear from you.
I have no idea about the &tfe parameter in the embedform, but they thought it important enough to also have in the the viewform - at the only parameter. (As far I I could find, I ran a similar test as I did on embedform). It might be some sort of redirection, for debugging purpus - but sofar it remains a great mystery.
So does the &pli=0 that you found. Especially since I found no change from the normal query, if I added the &pli=0. The same was true with some of your other reported options. Did you test it recently? Is it still working. Could it be regional dependant? I've used English regional settings in my browsers and Danish regional settings in the Rebol script.
I hope to explore this trick more...
--
Fsteff
Posted by
fsteff |
November 12, 2009 7:18 PM
can i add a background picture to the form?
Posted by
For Example |
November 13, 2009 1:26 PM
hi there, I also wanted to get a way around with the google forms.
I wanted my page to redirect to another page once I click the submit button, Can it be done?
I have used the forms with my own css , you can check it out here(its not that good, I did what I could do best :) http://solidintl.edu.np/contact.php
Posted by
Pramod |
November 13, 2009 6:29 PM
I just realized that you can change the background provided the color is specified in R, G and B values and not with a hex value starting with a # (which is filtered by the browser), such as this:
;}.ss-form-container{background:rgb(156,165,120) !important
Additionally you can add an image this way:
;}.ss-form-container{background:rgb(156,165,120)%20url('http://tigerlilly.dk/fsteff/images/Fsteff-party.jpg')%20top%20no-repeat%20!important;
As for redirecting to another "Thank you" page, I still haven't found a way to do it.
Posted by
fsteff |
November 13, 2009 8:58 PM
Hi Pramod,
I just checked out your link. Looks pretty good, IMHO.
But I don't see you using the actual embedform that we were discussing here.
Posted by
fsteff |
November 14, 2009 12:58 AM
To use your own CSS file, for example: http://yourdomain.com/example.css
use "\" for special characters
Insert this at the end of the url:
&f=;}\%3C\/style\%3E\%3Cstyle%20type\=\%22text\/css\%22\%3E\@import%20url\%28http\:\/\/yourdomain\.com\/example\.css\%29\;{
Posted by
Nicodicoco |
November 20, 2009 12:11 PM
Great input Nicodicoco,
Thanks!!
It never occurred to me to use "\"... for some reason I had assumed it would be the first thing they would filter.
But your input immediately made me realize how to also inject javascript into the form!
I've updated your example to allow to inject both example.css and example.js from http://yourdomain.com, which just requires the following to be added to the end of the URL:
&f=;}\%3C\/style\%3E\%3Cscript%20type\=\%22text\/javascript\%22%20src\=\%22http\:\/\/yourdomain\.com\/example\.js\%22\%3E\%3C\/script\%3E\%3Cstyle%20type\=\%22text\/css\%22\%3E\@import%20url\%28http\:\/\/yourdomain\.com\/example\.css\%29\;{
By also injecting jacascript, it should be possible to validate the form contents before the form is send (which removes the problem of reloading the form.) It might also be possible to change the "thank you" form... It'll even be possible to add cookies to prefill parts of a form, such as names etc...
I'll see if I can make an example of it "in action" sometimes during the weekend.
Now my lunch break is over....
Posted by
fsteff |
November 20, 2009 2:11 PM
not working anymore???
Posted by
Anonymous |
November 23, 2009 8:18 PM
:-(
Seems like the &f hole has been closed by Google. :-(
Hopefully they see how a better forms implementation is really needed soon.
Posted by
fsteff |
November 23, 2009 9:31 PM
Fortunately it has been closed. And fortunately no one managed to really exploit it as the results could have been very serious. I made a little post on my blog regarding how serious impacts Google's XSS vulnerabilities might have. http://buzer.net/blog/index.php?title=risks_of_google_s_cross_site_scripting_v&more=1&c=1&tb=1&pb=1
Posted by
Buzer |
November 24, 2009 1:02 PM
Buzer,
Thank you for also pointing out how it could be exploited in a bad way. I didn't see it as anything but a good opportunity to manually do what Google hadn't allowed us to do with the Forms... Things I'm still hoping they will do as soon as possible.
Posted by
fsteff |
November 24, 2009 7:45 PM
I've just noticed that of the text color parameters, the only ones which work now are &htc (field explanatory note) and &lc (footer links).
Are there any workarounds?
Posted by
l |
November 29, 2009 3:07 PM
Hi,
Here you can find another way to style, validate and redirect your google forms. Different tricks but works prety good :)
http://www.morningcopy.com.au/how-to-style-google-forms/
Seb
Posted by
Sébastien Méric |
December 3, 2009 11:48 AM
Thanks a lot !!!!! Great !!!!!!
Posted by
Emmanuelle, Karim, Louna Tabbara |
February 20, 2010 3:38 PM
Post a Comment