5 Replies Latest reply on Oct 31, 2017 5:40 AM by Sule Arifagaoglu

    Form name field restrictions

    Martin Arroyo

      Is it possible to make the following adjustment to the name fields on a form?

       

      First / Last Name fields cannot include the following:

      - Single characters

      - Numbers

      - Code

      - Special characters

        • Re: Form name field restrictions
          Gerard Donnelly

          I think a lot of these types of checks would involve javascript rather than Marketo system checks.  Sanford Whiteman would be the guy who could answer this best.

            • Re: Form name field restrictions
              Sanford Whiteman

              Quite so, use the onValidate method to run values through custom regular expressions.

               

              "Special characters" would need to be quantified but if you want to filter certain Unicode characters that's certainly possible.

               

              However, you mention "code" and I'm assuming you are trying to combat XSS attacks. You cannot validate/sanitize input solely in JS. Any JS validation can be easily skipped and the value inserted into your db. If you want to filter it, you must do that using a webhook on the server side, and you should also escape any output that results from unfiltered input (WebSec 101, methinks).

               

              JS validation is an effective measure against unskilled humans trying to enter junk data.  It's not a weapon against actual hackers.

              1 of 1 people found this helpful
            • Re: Form name field restrictions
              Sule Arifagaoglu

              In my previous company we have used a tool which was called by webhooks.

              Pros

              It protects your database from useless email addresses. i.e: mickeymouse@gmail.com or s@gmail.com

              Validates email addresses and phone numbers and throws an error before information passes to SFDC and/or Marketo.

               

              Cons

              You can't use phone number extensions which are common in Europe.

              It causes some delay on the form submission because it takes time to validate.

               

              I hope it would be helpful

               

              Sule

                • Re: Form name field restrictions
                  Sanford Whiteman

                  In my previous company we have used a tool which was called by webhooks.

                  Webhooks are issued from one server to another server, not from browsers to servers.

                   

                  You may mean a remote service that's called from the browser. In this case all validation can be easily skipped, as I noted above.

                   

                  If you truly mean a webhook called from a Marketo flow, while such a step can't be skipped, you still can't "throw an error before information passes to SFDC and/or Marketo" -- as the webhook is only executed after data has been initially populated in Marketo. (If you use proxy fields as a form of sandboxing, you can stop the data from overwriting your production fields, but otherwise the data will have already overwritten existing values.)