Can this website pose a SECURITY RISK?
This website, freesurvey.app claims to generate a survey (like hotjar) without backend nor account creation. It generates a script to copy/paste into a website. Is this secure? How does it work without backend? I made a little test survey to examine the generated code. It's the only way to answer your question. The code that's executed on the user's browser is too long to copy here, but there's nothing in it that's talking to anything surprising or concerning as near as I can see. The survey requires a backend to process the survey responses, of course, and the application gives you a choice of using Google sheets directly or using the backend code they provide on your own server. This is that backend code: All that said, this is a simple convenience thing to do very basic surveys. Personally, I don't really see that it's providing enough convenience or value to be interesting, but YMMV. thanks for explaining > without backend the back-end is Google Sheets. thanks
This code requires your server to also have access to a spreadsheet, but it's also one you can run. Nothing about this raises security concerns to me, at least insofar as it being some sort of trojan horse. I'd be very interested if someone has a different assessment. function doPost(e) {
// uncomment this to filter domain
// if (e.parameter.origin !== 'yourdomain.com') {
// return ContentService.createTextOutput("Invalid domain");
// }
var sheet = SpreadsheetApp.openById("").getActiveSheet();
var data = JSON.parse(e.postData.contents);
sheet.appendRow([data.question0]);
return ContentService
.createTextOutput(JSON.stringify({"result": "success"}))
.setMimeType(ContentService.MimeType.JSON);
}