diff --git a/administrator/components/com_content/Model/ArticleModel.php b/administrator/components/com_content/Model/ArticleModel.php
index 22a94c6589b5a..270fe231eb005 100644
--- a/administrator/components/com_content/Model/ArticleModel.php
+++ b/administrator/components/com_content/Model/ArticleModel.php
@@ -708,12 +708,6 @@ public function getForm($data = array(), $loadData = true)
 }
 }
 
- // Remove show_associations field if associations is not enabled
- if (!$assoc)
- {
- $form->removeField('show_associations', 'attribs');
- }
-
 return $form;
 }
 
diff --git a/libraries/src/Form/Form.php b/libraries/src/Form/Form.php
index 6e6c8d2a842fc..efe5272baae3c 100644
--- a/libraries/src/Form/Form.php
+++ b/libraries/src/Form/Form.php
@@ -1142,7 +1142,12 @@ public function filter($data, $group = null)
 if ($input->exists($key))
 {
 $fieldObj = $this->loadField($field, $group);
- $output->set($key, $fieldObj->filter($input->get($key, (string) $field['default']), $group, $input));
+
+ // Only set into the output if the field was supposed to render on the page (i.e. setup returned true)
+ if ($fieldObj)
+ {
+ $output->set($key, $fieldObj->filter($input->get($key, (string) $field['default']), $group, $input));
+ }
 }
 }
 
@@ -1199,13 +1204,22 @@ public function validate($data, $group = null)
 
 $fieldObj = $this->loadField($field, $group);
 
- $valid = $fieldObj->validate($input->get($key), $group, $input);
+ if ($fieldObj)
+ {
+ $valid = $fieldObj->validate($input->get($key), $group, $input);
 
- // Check for an error.
- if ($valid instanceof \Exception)
+ // Check for an error.
+ if ($valid instanceof \Exception)
+ {
+ $this->errors[] = $valid;
+ $return = false;
+ }
+ }
+ elseif (!$fieldObj && $input->exists($key))
 {
- $this->errors[] = $valid;
- $return = false;
+ // The field returned false from setup and shouldn't be included in the page body - yet we received
+ // a value for it. This is probably some sort of injection attack and should be rejected
+ $this->errors[] = new \RuntimeException(Text::sprintf('JLIB_FORM_VALIDATE_FIELD_INVALID', $key));
 }
 }
 
diff --git a/libraries/src/Form/FormField.php b/libraries/src/Form/FormField.php
index 69d4550b3771d..7614ee29752de 100644
--- a/libraries/src/Form/FormField.php
+++ b/libraries/src/Form/FormField.php
@@ -1027,7 +1027,7 @@ public function filter($value, $group = null, Registry $input = null)
 * @param Registry $input An optional Registry object with the entire data set to validate
 * against the entire form.
 *
- * @return boolean Boolean true if field value is valid, Exception on failure.
+ * @return boolean|\Exception Boolean true if field value is valid, Exception on failure.
 *
 * @since __DEPLOY_VERSION__
 * @throws \InvalidArgumentException
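Review bot: In the `validate()` hunk of libraries/src/Form/Form.php, the new `elseif` branch appends a `\RuntimeException` to `$this->errors` but never sets `$return = false`, unlike the `$valid instanceof \Exception` branch just above it. The end of `validate()` is outside the hunk, but if `$return` is what the method hands back, a submission carrying a value for a field whose setup returned false would be logged as an error and still pass validation, so the rejection the comment describes would not be enforced for callers that only check the return value. Add `$return = false;` directly after the `$this->errors[] = new \RuntimeException(...)` line. The `!$fieldObj` test is already implied by the failed `if ($fieldObj)` and can be reduced to `elseif ($input->exists($key))`. A regression test that posts a value for a field whose setup returns false and asserts `validate()` returns false would pin this behaviour.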