One of my colleagues asked me how we can allow special characters (like &) to be entered into WFFM form fields. When you try to submit special characters (e.g. &, >, <) with a WFFM form, it returns the following error message.
The reason for this warning message is the Assess Security Risk validation that is added to every WFFM form by default.
More than a year ago, I created a ticket for the same issue with Sitecore support, and the following is the solution/workaround they provided.
** Refer to "UPDATE 17/11/2015" at the bottom of the page for the new KB article.
Sitecore Solution :
Remove the Assess Security Risk verification action from the web form:
1. In the Content Editor, on the ribbon, on the View tab, select the Raw Values check box.
2. Select the item of the web form that you want to edit.
3. In the Submit section, in the Check Actions field, remove the <li> node containing the ID of the Assess Security Risk action - {2D5B5061-747A-4477-BD41-E746EAFEB231}
But I thought of looking for a different solution to this issue. So, I had a quick look into the Sitecore.Forms.Custom.dll file and saw that only a small adjustment is needed to achieve our requirement.
So, copy the Sitecore.Form.Submit.AssessSecurityRisk class from Sitecore.Forms.Custom.dll into our own class.
Then, remove from the validation code the characters that need to be allowed.
Then, duplicate the "/sitecore/system/Modules/Web Forms for Marketers/Settings/Actions/Form Verification/Assess Security Risk" item.
Change the "Assembly" and "Class" field values to map to our newly created custom class.
This allows us to remove only the necessary characters from the "Assess Security Risk" validation and keep all other default validations intact.
Update :
When you need to edit the "Form Verification" field value, change the Content Editor to display "Raw values" for the fields, and then replace the id value (marked in green text) with the ID of the newly created custom Form Verification item.
<?xml version="1.0" encoding="utf-16"?>
<li xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <g id="{10FE9225-5E6C-4896-9CD2-880D6D48C4CC}" displayName="Check Actions">
    <li id="{2D5B5061-747A-4477-BD41-E746EAFEB231}" unicid="89F18F7C96F4469A9470057CE421A115">
      <parameters></parameters>
    </li>
  </g>
</li>
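A check for the raw-value edit described above, added here as an example (it is not Sitecore's code or part of the original post): it classifies a form's Check Actions raw value as carrying the stock check, the custom check, or no check, and swaps the stock ID for the custom one. CUSTOM_ID is a placeholder and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# ID of the stock Assess Security Risk action, as given on this page.
STOCK_ID = "{2D5B5061-747A-4477-BD41-E746EAFEB231}"
# Placeholder, not a real item: substitute the ID of your duplicated action item.
CUSTOM_ID = "{00000000-0000-0000-0000-000000000000}"

HEAD = ('<?xml version="1.0" encoding="utf-16"?>'
        '<li xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        'xmlns:xsd="http://www.w3.org/2001/XMLSchema"> '
        '<g id="{10FE9225-5E6C-4896-9CD2-880D6D48C4CC}" displayName="Check Actions"> ')
# Raw value from this page (stock check present).
SAMPLE = (HEAD + '<li id="' + STOCK_ID + '" unicid="89F18F7C96F4469A9470057CE421A115"> '
          '<parameters></parameters> </li> </g></li>')
# Constructed: the same value after the <li> action node has been removed.
REMOVED = HEAD + '</g></li>'

XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def check_action_ids(raw):
    """Return the upper-cased IDs of the action nodes in a Check Actions raw value."""
    # Drop the utf-16 declaration: the value is already a decoded str here.
    root = ET.fromstring(XML_DECL.sub("", raw, count=1))
    return [li.get("id", "").upper() for g in root.iter("g") for li in g.findall("li")]

def classify(raw, custom_id=CUSTOM_ID):
    """'stock', 'custom' or 'none', depending on which security check the form carries."""
    ids = check_action_ids(raw)
    if STOCK_ID in ids:
        return "stock"
    return "custom" if custom_id.upper() in ids else "none"

def swap_to_custom(raw, custom_id=CUSTOM_ID):
    """Replace only the stock action's id attribute; the rest stays byte-identical."""
    pattern = re.compile(r'(<li\s+id=")' + re.escape(STOCK_ID) + '"', re.IGNORECASE)
    new_raw, count = pattern.subn(lambda m: m.group(1) + custom_id + '"', raw)
    if count != 1:
        raise ValueError(f"expected exactly one stock action node, found {count}")
    return new_raw

if __name__ == "__main__":
    for name, value in (("sample", SAMPLE), ("swapped", swap_to_custom(SAMPLE)),
                        ("removed", REMOVED)):
        print(name, classify(value))
```

A result of "none" means the form has no Assess Security Risk check at all, which is the state the support workaround above leaves it in.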
UPDATE 17/11/2015 :
Sitecore has come up with a solution which encodes these restricted characters when a WFFM form is submitted.
https://kb.sitecore.net/articles/568572