Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

How can I capture the content of a non-property form field in the CMS?


Recently I had a request to add an input field to a page that is presented in the CMS, but to not define that field as a page property, with the goal being to capture that value on the back end when the page gets published.  To do this, I added an OnPublishedContent event in the Global.asax, and then expected to see it in the ContentEventArgs object or in the HttpContext.Current.Request.  But at this point I'm not able to capture the value from this form field.

<>input type="text" id="MyField" name="MyField" />

Here is the code in my Global.asax with a couple of attempts that did not return the expected value from "MyField".

protected void Application_Start()
    DataFactory.Instance.PublishedContent += OnPublishedContent;

private void OnPublishedContent(object senderContentEventArgs contentEventArgs)
    var submitData = HttpContext.Current.Request.HttpMethod == "POST" ? HttpContext.Current.Request.Form : HttpContext.Current.Request.QueryString;
    if (submitData != null)
        var myField1 = submitData["MyField"];
    var currContext = HttpContext.Current;
    if (currContext != null && currContext.Handler != null)
        var myField2 = currContext.Request.Form["MyField"];

How can I capture that value? Thank you.
Dec 21, 2017 22:45


Where did you add that field? When a page is published in Episerver it does not post the entire page in a form.

Couldn't you add a property to the page type instead and hide it away on some tab? You can always null the value after publishing.

[Display(GroupName = SystemTabNames.Settings)]
public virtual string MyFieldProperty { get;set; }

And in your view you could have:

if (PageEditing.PageIsInEditMode)
    @Html.PropertyFor(m => m.MyFieldProperty)

When the page is published:

DataFactory.Instance.PublishingContent += OnPublishingContent;

private void OnPublishingContent(object sender, ContentEventArgs contentEventArgs)
    var page = e.Content as MyPageType;
    var myField = page.MyFieldProperty;

    // Do stuff with your value

    // If you don't want to persist the value on the page:
    page.MyFieldProperty = null;

Edited, Dec 22, 2017 11:09

Thanks Mattias.  For testing I had created a HomePage page model and controller, and then placed that field into the HomePage Index view.

We don't need to hide the field.  We are looking for additional ways to apply custom logic to entered values when they are published.  With standard MVC it's a straightforward process to capture and manipulate (or store) field data when a form is submitted.  But this part -- When a page is published in Episerver it does not post the entire page in a form -- we did not know.  What you suggested may be the direction we'll need to take.  In the past I used a pattern like that to adjust XhtmlString markup in the SavingContent event.

Is there a way to signal to the CMS that we would like a field to be captured at publish or save without making that field a property of the page type?

Edited, Dec 22, 2017 13:42
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.