In this article
- Enforce HTTPS Access to Survey - check this box to enforce HTTPS use by people accessing the survey
Important
If HTTPS is required, then any references to HTTP anywhere in your survey, including URLs to illustrations or links, in HTML styles, external style-sheets or scripts, will cause a warning to be displayed in most browsers. This warning may occur on every page of the survey and, depending on the user's response to the warning, the survey may not be displayed correctly. Faced with this, many respondents will abort the survey!
However this is easy to avoid; ensure that all absolute URLs start with "https", and you can use relative URLs if the targets are stored in the File Library (refer to the Forsta Professional Authoring User Guide for more information). If you test the survey with a live link in a separate browser window and you do not get any messages, then neither will your respondents.
- Encrypt System Request Parameters - this property increases the security of the system. Leave this box checked to encrypt system request parameters such as:
r, s, __state, __loop, __seqno and __version
These will not then be shown in clear text, but encrypted in a __sid__ parameter. This applies to both hidden question fields and URL parameters. Respondent links will then take the form:
/confirm/wix/test_p0003502.aspx?__sid__=KKCCKburQTJA0nxoy3zppzwMNq7TPEZCTqPH8EzXazrpu2_FkhnkHlS-bKIWXZM_0
If the parameters (r, s, ...) are transmitted in clear text when this feature is turned on, the parameter values will be ignored. The Survey Link will also be encrypted. Attempting to manipulate the __sid__ value will result in an internal error page being shown with an http status code. The default value for new surveys is "checked".
Note: You are strongly recommended to leave this property box checked.
- Disable unencrypted QID request parameter - prevents respondents from tampering with the survey URLs to skip to specific questions (disabled by default in new surveys).
- Accept POST requests for unique respondents - when this option is checked, attempts to initiate interviews using HTTP POST requests for unique respondent URLs will be permitted. If this option is not checked POST requests cannot be used to initiate the interview. HTTP GET requests can always be used to initiate interviews. This setting should only be checked in scenarios when POST requests are used.
- Use Unicode (UTF-8) encoding for all languages used in the survey - enforces Unicode (UTF8) encoding when the survey is rendered, irrespective of which language is being used in the survey. This will avoid problems such as occur when the respondent enters characters not expected in the current language/codepage into an answer, which is then saved incorrectly.
- Override optimistic quota timeout (mins) - this is the timeout setting to be used when using Optimistic Quotas. In the event a respondent makes no changes to the survey for this timeout period, then the respondent is assumed to have left the survey uncompleted and the Optimistic Quota is decremented for this respondent (go to Optimistic Quotas for more information). The default value for this timeout is 5 minutes, the minimum value allowed is 1 minute.
- Enable enhanced randomization... - When questions in the survey are set to use answer list randomization/rotation, the regular algorithm used to randomize the lists results in 'pseudo-randomization'. With this setting enabled, the algorithm will produce lists that are more naturally randomized. Note that questions containing predefined lists will have the same list order for every time the list is used by the same respondent ID, but questions with the same answer list but not based on a predefined list will not necessarily be in the same order. If a respondent completes the survey over several interviewing sessions, the answers will be displayed in the same order for that respondent, irrespective of whether the questions use predefined answer lists. With the setting disabled, the answer list randomization/rotation is determined based on the responseID and the number of answers in the answer list.
- Use JavaScript scripting engine - this is a survey-level setting which must be enabled to allow use of the JavaScript engine. When this setting is enabled JavaScript can operate in all channels (CAWI, CAPI, CATI) and all scripts must be in Javascript, not JScript.NET. All script input areas (script nodes, masking, validation etc...) then display a text box stating that the JavaScript engine is in use.
- Handling of invalid data set from background / panel variables and scripts - the settings control how invalid data is handled when being set as background or panel variables or when values are set from scripts. The options allow you to control what happens if such a scenario arises for single, grid, numeric or open text questions. The result will be that the data is either committed or not, and that the survey either continues or aborts. If this scenario occurs, an email will be sent to the person responsible for the survey informing them about the issue. If the survey is aborted due to the invalid data, they will be sent an appropriate error via email.
- Undefined codes in single or grid questions - "Undefined codes" are codes that do not exist in the answer list for a single question, grid question or a single inside of a 3D-grid question. Select the desired outcome in the event undefined codes are found.
- Invalid data for numeric questions - "Invalid data" refers to non-numeric values or values outside of the total digits/decimal places restrictions. Select the desired outcome in the event invalid data is found.
- Oversized texts on open text questions - "Over-sized texts" refer to texts that are longer than the Open Text field width settings. Select the desired outcome in the event oversized texts are found.
One-click unsubscribe header for respondent triggered emails - This setting specifies the level of one-click unsubscribe header (Survey, Company or Panel) included in emails sent during survey runtime execution (via Email nodes, SendMail() or SendPdfMail() scripts). The adjustment for bulk email invitations is controlled by the separate setting which can be found in the bulk email definitions.
Enable short URLs - to avoid texts that are too long, users who wish to send survey invitations and reminders through SMS need shorter survey and unsubscribe URLs than the standard respondent URLs used by Forsta. When this property is enabled, the respondent and unsubscribe URLs will be on the short format. Note that short URLs for survey links expire after six months of inactivity; either six months after a link was last accessed, or if never accessed, six months after the link was created. Short URLs for unsubscribe links expire six months after being generated (generation happens when invitations are sent).
Validation & XSS
Use the Validation & XSS options - to specify the checks that are to be made on the respondents’ answers before they are allowed to move on to the next question.
You can also add "global" validation code which will be executed for every question in the survey. The code specified here will be executed when each question in the survey is submitted, so the code should be as efficient as possible. The code will be executed before any custom question validation that may be defined. The CurrentForm() function can be used to provide the question ID of the current question, and the getType() method can be used to filter the question types and specify which types the code is executed on.
Figure 2 - The Validation and XSS settings
- Exclusivity tests - the generator produces code that ensures that the respondent cannot select an "exclusive" answer alternative in a Multi question in addition to other answer alternatives in the list. For browsers that have JavaScript disabled, an error message is provided if an exclusive element is chosen in combination with other responses.
- Other-Specify checking - the generator produces code that confirms the consistency of user input, i.e. that the respondent both checks off for "Other" and writes in the text box.
- Rank order tests - the generator produces code that ensures that the inputs in Multi Ranked questions and Grid questions are unique for each alternative in the list, and consecutive. The questions must be marked as Ranked in the questions' Properties sheet.
- HTML encode output of piping expressions - check this box to encode expressions in response piping so the code is not executed.
Note: A site-wide setting is available, called HTMLEncoding, which can be set by the system administrator. This setting, when selected, overrides the HTML Encode Output... checkbox setting and will cause piping expressions to be encoded irrespective of the HTML Encode Output... checkbox setting.
- Require all open text input to be XSS safe - the generator validates the input from the respondents and will not accept input containing < and >.
Web Options
In the Web options area, you define how the browser is to react, and set other display options for the survey.
Figure 3 - The web options Area
Web Settings
- Override browser back button... - causes the browser's Back button to simulate a click of the Back-button in the survey.
- Set focus to first control on page - ignores all the Windows toolbar controls and sets the focus to the first Forsta control on a page to avoid the respondent having to tab through browser menus etc.
- On last page next button will be replaced with OK, where possible - when the respondent reaches the last page of the survey, instead of the Next button he/she will see OK. Note that due to constrains within the survey this may not always be possible.
- Enable short URLs - to avoid texts that are too long, users who wish to send survey invitations and reminders through SMS need shorter survey URLs than the standard respondent URLs used by Forsta. When this property is enabled, the respondent URLs will be on the short format. Note that short URLs expire after six months of inactivity; either six months after a link was last accessed, or if never accessed, six months after the link was created.
Note: Due to the shorter key, short URLs are inherently less secure than full encrypted URLs. The Short URL functionality is intended to be used when there are restrictions on the length of the message, as in for example SMS messages. In all other cases you are recommended to use regular encrypted URLs.
- Prevent survey page being displayed within a frame - when this option is checked, if the survey page is placed within a frame then it will not appear and it will not be possible to start the survey. Surveys with this enabled will not be displayed without JavaScript being enabled in the browser. This is recommended for security reasons to prevent click-jacking.
- Include a link that, upon re-entry… - this feature applies to Restricted Surveys with the Generate Back Button option selected, and allows respondents to continue where they left off. Use it in combination with the "Continue link" visual component in Theme in Survey Layout. If the respondent returns to a partially completed interview, he/she will be brought to the very beginning of the questionnaire and, if necessary, can be allowed to modify their answers. If the respondent does not want to modify previously given answers, he/she will be able to click the link to be taken to the point at which they left off, and can then continue taking the survey from there. Use this in combination with the "Continue link" visual component in Theme in Survey Layout.