Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Deane Barker
Nov 15, 2010
(1 votes)

Simple Token Replacement

Someone posted something to the forums in which they’re solving a problem I’ve had in the past using Dynamic Content:

[we used] DynamicContent property to display a site wide value on the web page.

So, Dynamic Content is used as a placeholder, essentially, which gets swapped with some value at render time.  We’ve run into this several times.

  • One of our clients needed to refer to a specific registration fee all over the Web site.  This fee amount changed every year, and they didn’t want to have to track down where it was posted every year.
  • One of our clients had 86 sites on the same install, and each one would fetch a Contact Us page from a common location.  But this page had to have different phone numbers, etc. for each of the 86 sites.

We started using Dynamic Content for this, but we found it was a little heavy-handed.  Our clients wanted something simple and fast.  Additionally, you can’t see what value you are replacing from the editor.  You just see the generic “Page Property” placeholder, but you have no idea which property you are dumping there.  Finally, in the second situation, the editor couldn’t pick the specific page from which to pull the property for the Page Property plugin – they just wanted the property from the current Start Page, whatever that happened to be for this particular site.

So, we decided to go the wiki-like route and just have the client embed a text pattern which we would catch and replace at render time.  Something like this:


We mapped these to properties on the Start Page.  So, at render time ”[[CustomerServicePhone]]” gets replaced with the contents of the “CustomerServicePhone” property on the Start Page.  (We use Start Page properties all the time to hold site-wide values, since there will only ever be one Start Page.)

The code to execute this is in a PageAdapter mapped to System.Web.UI.Page, like this:

<adapter controlType="System.Web.UI.Page" adapterType="BlendInteractive.PageAdapters.TokenReplacer" />

By doing this as a Page Adapter rather than on the Property control, we catch this token everywhere it’s used, whether it’s coming out of a Property control, is hard-coded into the template, is written to the browser from code-behind, whatever.

This has worked well for us on the two projects where we’ve used it.  A few things to know:

  • We normally just use String properties, but you could technically use any type of property that renders to a string.  In testing, I’ve used everything from Page properties to Link Collections.
  • If you need to do this replacement from code that doesn’t output to a browser – like a scheduled job, perhaps – you’ll need to extract the logic to a static class and call that class from both the adapter and your code.  Wouldn’t be hard to do, but we’ve never had to do it.
  • Security has never been a concern for us with this particular functionality, but if you want to make sure editors can only use certain properties as replacement tokens, I would just implement a naming convention.  Perhaps say all “replaceable” properties have to start with “Token-“ and then adjust the regex to look for that pattern only.


Nov 15, 2010


tost Nov 15, 2010 11:33 PM

Cool and simple! Nice to see that the code is commented as well!

Please login to comment.
Latest blogs
Join the Work Smarter Webinar: Working with the Power of Configured Commerce (B2B) Customer Segmentation December 7th

Join this webinar and learn about customer segmentation – how to best utilize it, how to use personalization to differentiate segmentation and how...

Karen McDougall | Dec 1, 2023

Getting Started with Optimizely SaaS Core and Next.js Integration: Creating Content Pages

The blog post discusses the creation of additional page types with Next.js and Optimizely SaaS Core. It provides a step-by-step guide on how to...

Francisco Quintanilla | Dec 1, 2023 | Syndicated blog

Stop Managing Humans in Your CMS

Too many times, a content management system becomes a people management system. Meaning, an organization uses the CMS to manage all the information...

Deane Barker | Nov 30, 2023

A day in the life of an Optimizely Developer - Optimizely CMS 12: The advantages and considerations when exploring an upgrade

GRAHAM CARR - LEAD .NET DEVELOPER, 28 Nov 2023 In 2022, Optimizely released CMS 12 as part of its ongoing evolution of the platform to help provide...

Graham Carr | Nov 28, 2023