Monday, January 19, 2015

Enter special characters as input to WFFM form fields

One of my colleagues asked me about how can we allow to enter special characters (like &) into WFFM form fields. When you try to submit special characters (ex: &, >, <) with WFFM form, it returns following error message.



Reason for this warning message is, Access Security Validation that is added to every WFFM form by default.



More than a year back, I had a ticket created for the same issue with sitecore support and following is the solution/workaround they provided.

** refer "UPDATE 17/11/2015" at the bottom of the page for new kb article

Sitecore Solution :

Remove the Assess Security Risk verification action from the web form:
1.In the Content Editor, on the ribbon, on the View tab, select the Raw Values check box.
2.Select the item of the web form that you want to edit.
3.In the Submit section, in the Check Actions field, remove the <li> node containing the ID of the Assess Security Risk action - {2D5B5061-747A-4477-BD41-E746EAFEB231}


But, I thought of looking for a different solution to solve this issue. So, I had a quick look into the Sitecore.Forms.Custom.dll file and saw that it is a small adjustment that we need to do to achieve our requirement.



So, copy the Sitecore.Form.Submit.AssessSecurityRisk class from Sitecore.Forms.Custom.dll and insert it to our own class.
Then, change/remove the characters that needed to be included from the validation code
Then, duplicate the "/sitecore/system/Modules/Web Forms for Marketers/Settings/Actions/Form Verification/Assess Security Risk" item



 Change the "Assembly" and "Class" field value to map our newly created custom class

This allow us to only remove the necessary characters from the "Assess Security Risk" validation and keep all other default validations intact.

Update :
When you need to edit the "Form Verification" field value, you need to change the content editor to display "Raw values" for the fields, and then replace the id value (marked in green color text) with the ID of the newly created custom Form Verification item.

 <?xml version="1.0" encoding="utf-16"?><li xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">  <g id="{10FE9225-5E6C-4896-9CD2-880D6D48C4CC}" displayName="Check Actions">    <li id="{2D5B5061-747A-4477-BD41-E746EAFEB231}" unicid="89F18F7C96F4469A9470057CE421A115">     <parameters></parameters>    </li>  </g></li>
UPDATE 17/11/2015 : 
Sitecore has come up with a solution which encodes these restricted characters when WFFM form is submitted.
https://kb.sitecore.net/articles/568572
Posted by at

4 comments:

  1. AnonymousJanuary 29, 2015 at 10:55 AM

    THanks for the info chaturangar, I've been trying to implement the same thing. But I dont seem to have access to do this step "... copy the Sitecore.Form.Submit.AssessSecurityRisk class from Sitecore.Forms.Custom.dll and insert it to our own class ...", any ideas?

    ReplyDelete
    Replies
    1. scFootstepsJanuary 30, 2015 at 3:16 PM

      Hi, What do you mean by "I don't seem to have access to do this step.." ?? You can use a dll decoding tool (like ILspy) and decode the sitecore.form.custom.dll and copy the code from thare.

      Delete
  2. Anders, DenmarkSeptember 9, 2015 at 7:05 PM

    Thanks, Chaturangar

    ReplyDelete
  3. Sumit BajajSeptember 24, 2015 at 1:24 PM

    This comment has been removed by the author.

    ReplyDelete

Subscribe to: Post Comments (Atom)