Vulnerability in EPiServer.Forms
With the Url Property, is there any way to limit the types of links for the editor? I would like to allow internal page and external link but not allow email, media, etc.
I believe (but haven't tested myself) is that you can create a new type inherit from PropertyUrl, and override ValidateUri to only allow links as you intended
you can also in theory create an EditorDescriptor target PropertyUrl and do some clientside validation there
Have a look at this blog post:https://blog.ynzen.com/extending-the-hyperlink-editor-in-optimizely-11
And this, that is linked from the first:https://world.optimizely.com/blogs/Anders-Hattestad/Dates/2015/2/extending-the-hyperlink-with-custom-field/