Re: Form name field restrictions

I think a lot of these types of checks would involve javascript rather than Marketo system checks.  Sanford Whiteman​ would be the guy who could answer this best.

Quite so, use the onValidate method to run values through custom regular expressions.

"Special characters" would need to be quantified but if you want to filter certain Unicode characters that's certainly possible.

However, you mention "code" and I'm assuming you are trying to combat XSS attacks. You cannot validate/sanitize input solely in JS. Any JS validation can be easily skipped and the value inserted into your db. If you want to filter it, you must do that using a webhook on the server side, and you should also escape any output that results from unfiltered input (WebSec 101, methinks).

JS validation is an effective measure against unskilled humans trying to enter junk data.  It's not a weapon against actual hackers.

In my previous company we have used a tool which was called by webhooks.

Webhooks are issued from one server to another server, not from browsers to servers.

You may mean a remote service that's called from the browser. In this case all validation can be easily skipped, as I noted above.

If you truly mean a webhook called from a Marketo flow, while such a step can't be skipped, you still can't "throw an error before information passes to SFDC and/or Marketo" -- as the webhook is only executed after data has been initially populated in Marketo. (If you use proxy fields as a form of sandboxing, you can stop the data from overwriting your production fields, but otherwise the data will have already overwritten existing values.)