Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Email validation


Hi Guys, 

I have an issue: I am looking for a way that someone can only fill in a form just once and based on emailadress. So if you fill in a form that you have already filled in in the past, you are receiving an error (this emailadres already exists for example). 

Is it possible to validate on emailadress if someone filled in the form already? 

Dec 09, 2020 16:32

Yes! :-)

Have a look at the documentation for custom for actors, and notice that you are able to cancel a form submission and display an error message.

Dec 10, 2020 21:23

I did something simular by creating a custom actor to detect URLs in our form which you could modify to check for emails

  public class FilterURLActor : PostSubmissionActorBase, ISyncOrderedSubmissionActor
        public int Order => 1;

        public override object Run(object input)
            var result = new SubmissionActorResult { CancelSubmit = false, ErrorMessage = string.Empty };

            foreach (var i in this.SubmissionData.Data)
                if (FormsHelper.HasURL(i.Value.ToString())  && i.Key.ToString().Contains("field")  && !i.Value.ToString().Contains("@"))
                    result.ErrorMessage = "Error: URL in form.";
                    result.CancelSubmit = true;     
            return result;


I'm using a helper class called FormsHelper.HasURL(i.Value.ToString())  which I use to detect a URL.   I aslo have one for emails - this is the code I'm using. I know the regex for emails are... fun

        public static bool isProperEmail (string s)
            s = Regex.Replace(s, @"\A(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\Z", "[[Email]]");
            if (s.Contains("[[Email]]"))
                return true;
                return false;


Anyway, this probably isn't the most elegant solution but it works.

Jan 22, 2021 18:30
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.