The Assess Security Risk verification action in WFFM checks non-encoded data


Description

The data entered in a WFFM form is not encoded when the form is submitted. As a result, the "Assess security risk" WFFM verification action blocks the "<", ">" and "&" symbols and displays the following warning:

The field contains content that may present a security risk. Please enter appropriate information.

Solution 1

Apply the following patch to encode the unsafe symbols when a form is submitted:

  1. Save the assembly corresponding to the installed WFFM version into the /bin folder.
  2. Set the following field values for the /sitecore/system/Modules/Web Forms for Marketers/Settings/Actions/Form Verification/Assess Security Risk item in the master database:
    • Assembly: Sitecore.Support.363265
    • Class: Sitecore.Support.Form.Submit.AssessSecurityRisk
    • Parameters: <UnsafeChars>&amp;|&gt;|&lt;</UnsafeChars><EnableEncodeUnsafeChars>true</EnableEncodeUnsafeChars>
  3. Publish this item.

Note: the "UnsafeChars" parameter holds a pipe-separated list of unsafe characters. To disable encoding, set the "EnableEncodeUnsafeChars" parameter value to "false".
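The following C# snippet is an added illustration of the behaviour described above, not the code of the Sitecore.Support.363265 assembly: it reads the Parameters value exactly as set on the Assess Security Risk item, resolves the pipe-separated UnsafeChars list, and HTML-encodes those characters in a submitted field value when EnableEncodeUnsafeChars is "true". The class name UnsafeCharEncoder and the Encode method are assumptions made for this example.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Xml.Linq;

// Illustrative example only; the real patch lives in the Sitecore.Support.363265 assembly.
public static class UnsafeCharEncoder
{
    // The Parameters field value from the Assess Security Risk item.
    public const string Parameters =
        "<UnsafeChars>&amp;|&gt;|&lt;</UnsafeChars><EnableEncodeUnsafeChars>true</EnableEncodeUnsafeChars>";

    // Returns the field value with every listed unsafe character replaced by its HTML entity.
    public static string Encode(string fieldValue, string parameters)
    {
        // The Parameters field holds several top-level elements, so wrap them in a root before parsing.
        XElement root = XElement.Parse("<root>" + parameters + "</root>");

        bool enabled = string.Equals(
            (string)root.Element("EnableEncodeUnsafeChars") ?? "false",
            "true",
            StringComparison.OrdinalIgnoreCase);
        if (!enabled)
        {
            return fieldValue; // Encoding disabled: the verification action sees the raw value.
        }

        // XElement.Value already resolves &amp;, &gt; and &lt; to &, > and <.
        string list = (string)root.Element("UnsafeChars") ?? string.Empty;
        string[] unsafeChars = list.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

        // Encode '&' first so the entities produced for the other characters are not encoded twice.
        string result = fieldValue;
        foreach (string c in unsafeChars.OrderBy(s => s == "&" ? 0 : 1))
        {
            result = result.Replace(c, WebUtility.HtmlEncode(c));
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample input: a value that the unpatched action would reject.
        string submitted = "Smith & Sons <info@example.com>";
        Console.WriteLine(Encode(submitted, Parameters));
        // Smith &amp; Sons &lt;info@example.com&gt;
    }
}
```

Because the encoded value no longer contains a literal "<", ">" or "&", the verification action's check finds nothing to block and the warning is not shown; the original characters are still recoverable by decoding the stored value.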

Solution 2

Remove the "Assess security risk" action from the list of verification actions for the particular form:

  1. Open the form item in the Content Editor;
  2. Select "Raw Values" in the Ribbon (the "View" tab);
  3. Remove the <li> node with ID {2D5B5061-747A-4477-BD41-E746EAFEB231} from the "Check actions" field.