Vulnerability in EPiServer.Forms
If this is the case, is there any way to turn this off?
You cannot get the extra fields value from SubmissionData in PostSubmitionActor, because the SubmissionData only contains values elements which are contained in FormContainerBlock. If you want to have your extra fields send with your form, you have to add a css class "Form__CustomElement" to your fields. Then on server you access them from raw submit data Request.Form.