Vulnerability in EPiServer.Forms
We would like to have a custom actor which dynamically generates a URL which we want browser to redirect user to after posting. How would we go about achieving this?
In this documentation https://world.episerver.com/documentation/developer-guides/forms/implementing-a-customized-actor/ I only find the following information:
Actors must return an object instance of a class which implements EPiServer.Forms.Core.PostSubmissionActor.Internal.ISubmissionActorResult.By implementing this interface, the returned result will have two properties:
If you only want to dynamically generate an URL and then redirect user to that URL you just need to override BuildReturnResultForSubmitAction method of DataSubmissionService class. The example below will redirect browswer to google site after submission.
public class CustomDatasubmissionService : DataSubmissionService
string message, HttpContextBase httpContext, FormContainerBlock formContainer = null, Dictionary<string, object> additionalParams = null,
SubmissionInfo submissionInfo = null, Submission submission = null, bool isProgressiveSubmit = false, string redirectUrl = "")
if (isSuccess) // only set redirect url when sucesss
// generate your own URL
baseResult.RedirectUrl = "http://google.com";
ISubmissionActorResult and ISyncOrderedSubmissionActor are available from Forms version 4.16. There may be several actors (both built-in and custom actors) will be run along with submission process. ActorsExecutingService is responsible for triggering all actors while submitting form.
1. Actors implementing ISyncOrderedSubmissionActor interface will be run first. If there are many instanace of this interface, they will be run in ascending order. SaveDataToStorageActor is one built-in actor implement this interface. SaveDataToStorageActor is responsible for saving data to storage and it has Order = 1000. So if you want to have another actor run before saving data to storage, that actor should implement ISyncOrderedSubmissionActor and set Order < 1000
2. Asynchronous actors (actors with IsSyncedWithSubmissionProcess is set to false) will be run (e.g built-in actor CallWebhookAfterSubmissionActor & SendEmailAfterSubmissionActor)
3. Synchronous actors (actors with IsSyncedWithSubmissionProcess is set to true) will be run.
Thanks for your reply, I will try this.
why would you register service explicitly in service collection and at the same time use ServiceConfiguration attribute?
Yes you're right, no need to use ServiceConfiguration attribute. I Edited the code.