Vulnerability in EPiServer.Forms
I've implemented an ISelectionQuery that I'm using with an AutoSuggestSelection attribute as described here: https://docs.developers.optimizely.com/content-management-system/docs/built-in-auto-suggestion-editor
It works fine (searching/selecting/saving values), except the GetItemByValue() method is never invoked, meaning the property ends up looking empty when editing, even though the property value is set.
The value is there, so it renders as expected - but there's no way for an editor to see what the actual property value is.
This is obviously quite confusing for web editors. :)
Can anyone confirm whether this is a bug?
This pointed me in the right direction: https://world.optimizely.com/forum/developer-forum/CMS/Thread-Container/2019/6/possible-iselectionquery-bug-for-getitembyvalue
The actual property value was a URL, which caused the request for the selectionquery REST store to fail.
Edit #2:This seems related: https://world.optimizely.com/forum/developer-forum/cms-12/thread-container/2023/1/iselectionquery-values-url-encoded
Im curious to the issue you are having Ted. Using a few AutoSuggestSelection in my latest work but i've not come across this issue.
Am I understanding correctly that you have an ISelectionQuery containing URLs? Do you have a screenshot of the issue? I assume its when the editor is attempting to what's already saved against the property but it's not visible?