SOLVED

Re: Progressive Profiling/Form Prefill on Embedded form

Go to solution
Justin_Cooperm2
Level 10

Re: Progressive Profiling/Form Prefill on Embedded form

Sanford Whiteman​ - sent you an email.

Anonymous
Not applicable

Re: Progressive Profiling/Form Prefill on Embedded form

I'm also interested in what you learned, but I can't see a place to PM you from here.

SanfordWhiteman
Level 10 - Community Moderator

Re: Progressive Profiling/Form Prefill on Embedded form

We have to be following each other. tl;dr I found a bug and a ticket is open. The feature is broken at present.

Anonymous
Not applicable

Re: Progressive Profiling/Form Prefill on Embedded form

Delivering Exceptional Skype for Business Quality of Experience | Exinda  -> Click this link, Marketo Form#1 will appear with 4 input fields. If you submit this page and come back again, MKTO + Cookies will have your info and Form#2 will load. You submit that and come back again, No Form (Form#3) will load and I've captured all the required info from you   I've used API calls to populate your missing info.

Its working for us! Thanks all sharing ideas

-Syed

SanfordWhiteman
Level 10 - Community Moderator

Re: Progressive Profiling/Form Prefill on Embedded form

... except you've introduced a DoS vulnerability by consuming an API call in response to individual end-user actions.

You've also created a wildcard CORS endpoint through which any third-party site can gather data on your leads just by knowing an email address.

I have major misgivings about this approach.

Anonymous
Not applicable

Re: Progressive Profiling/Form Prefill on Embedded form

Yes, agreed with DoS attack. But for now, we are not even close to our 10k daily limit.

Not sure about CORS, can you explain?

Also, waiting for your blog

SanfordWhiteman
Level 10 - Community Moderator

Re: Progressive Profiling/Form Prefill on Embedded form

Yes, agreed with DoS attack. But for now, we are not even close to our 10k daily limit.

But it'll take an elementary hacker a half-hour to break everything.  That's too risky for my environments.

Not sure about CORS, can you explain?

You've created an endpoint that would allow me to retrieve data from your Marketo instance from any other site on the web. I'd only need to have the email address of a lead.  Such a vulnerability exists whenever you use prefill, but it is not typically possible from the browser on other sites. The fact that I can access your data from any other domain means you can't block malicious use by IP, since it could come from anywhere: a hacker could induce unwitting leads to, in effect, hack themselves.

Anonymous
Not applicable

Re: Progressive Profiling/Form Prefill on Embedded form

Hi Sanford Whiteman,

So just to recap all this thread, progressive profiling does work for embedded forms for all form fields (standard and custom) by using this processes http://developers.marketo.com/blog/external-page-prefill/ ?

Thanks.

SanfordWhiteman
Level 10 - Community Moderator

Re: Progressive Profiling/Form Prefill on Embedded form

No, it does not.

The process described should never be used by a professional organization. It leaves your instance open to a trivial Denial of Service attack and while it may work in the "lab" is not fit for the real world.

Dan_Stevens_
Level 10 - Champion Alumni

Re: Progressive Profiling/Form Prefill on Embedded form

It should also be noted that "progressive profiling" works for embedded forms out-of-the-box.  PP is different than "form prefill"