None of this ever happens if you use an RDBMS and put everything in strongly typed columns, regardless of how or where you are generating the forms or UI (backend or front end). They can be stored encrypted with a js/user-only #fragment if you don’t want the server to see the data.