SOLVED

SQL Injection

Anonymous
Not applicable

Hi

I don't find anything on the community about SQL injection risks on Marketo forms.
I assume this is because Marketo is safe from those risks.
Can someone confirm?
 

Many thanks in advance


Accepted Solutions
Anonymous
Not applicable

Re: SQL Injection

I've never seen any -1's come through anywhere I wasn't expecting them. And it's not like you can echo field values straight to a query in a landing page; there's a ton of script handling in between the service and your page.

Anonymous
Not applicable

Re: SQL Injection

Thanks CraiGrrr for your reply, feel better now 🙂
Anonymous
Not applicable

Re: SQL Injection

The biggest risk would be PHP code injection. The HTML block disables PHP tags.

Anonymous
Not applicable

Re: SQL Injection

Just to follow up on this: we do outside security audits that check for this type of issue (and others!) and carefully review code changes to ensure we aren't introducing these sorts of risks. All user input data is carefully handled and never used in a SQL statement without being properly escaped.