Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Users can submit forms with empty required fields

SeanLapointe
Level 4
Level 4

Hello,

 

I have an adaptive form with about two dozen fields that are marked as required fields, yet somehow I have users that are able to submit their form when some of these fields are empty. I have submitted hundreds of test forms in our test and production environments and am unable to replicate this behaviour.

 

Does anyone have any suggestions on potential solutions, or avenues of investigation that I can pursue for this issue?

11 Replies
PulkitJain
Employee
Employee

@SeanLapointe 

It will be interesting to check what steps these users are following to submit the form. Possible reasons could be browser version, mode of rendering the form, or maybe a difference in user permissions.

I can get on a call with you to check further, please DM the details.

SeanLapointe
Level 4
Level 4

Thanks, I will dm you  shortly.

 

I am not sure about the browser version of the users, but the form is an adaptive HTML form that is rendered when a task is started in a JEE workflow through the Workspace UI. The clients all have the same permissions.

Mayank_Gandhi
Community Advisor
Community Advisor

@SeanLapointe For the users who are able to submit try to get the dataxml and prefill and see what is causing the form to break. Force the validation on submit again in the form and see if the issue persists. 

SeanLapointe
Level 4
Level 4

Unless I am wrong, the prefill is what is generated and added to the form before the it is rendered and the dataxml is the data that the user submits, right? The prefill does not generate any information for the required fields and the dataxml is missing the information that the user is not adding to the form.

 

The form is not breaking. I have a stored procedure that inserts the form data to our financial database that is executed after the form is submitted. Since some of the required fields are empty, the SP fails to execute.

 

How would I re-route the form if the fields are empty, just assign a task to the submitter and use the dataxml to fill the form? This is staring to sound like a lot of work for something that shouldn't be happening in the first place.

 

FYI, for those following along, all my users are using the same version of Microsoft Edge and our page loads in Edge's IE 11 mode.

Mayank_Gandhi
Community Advisor
Community Advisor

@SeanLapointe If there are missing elements in prefill and the fields marked as required are not filled then also the form will fail to submit(ideally).

 

 

SeanLapointe
Level 4
Level 4

The empty fields are all marked as "required" and 99.5% of the time, the form alerts users to the empty fields and fails to submit. It's the .5% that fails that concerns me. If this happened only once or twice a year, I wouldn't worry about it, but it happens once or twice a week.

Mayank_Gandhi
Community Advisor
Community Advisor

@SeanLapointe Your best bet is to put a server-side validation to prevent any logic bypass from the client. 

Mayank_Gandhi
Community Advisor
Community Advisor

@SeanLapointe If you can get the data XML that would be more beneficial. 

 

PulkitJain
Employee
Employee

@SeanLapointe Thanks for explaining the issue further over call! 

One of the things worth checking is the pattern of fields (if there is one) that were selected each time by those users when the validation was bypassed on submission.

 

Meanwhile, as requested, could you please raise a ticket with support so that we can troubleshoot the issue further.

SeanLapointe
Level 4
Level 4

@Mayank_Gandhi Can you point me to some documentation on how to apply server-side validation to the client form? As for the XML data, I will need to wait until a client submits a request that fails in this way before I can capture that. That being said, the XML data that is produced looks the same as a successful request, except that the field is empty EX:

<PreviouslyTranslated\> instead of <PreviouslyTranslated>Y</PreviouslyTranslated>

 

@PulkitJain I raised a ticket with support on Thursday.

 

The most frequent fields that are not validated are drop down boxes. Of the other fields that do have validation, some have a maximum and minimum number of characters, and others use the rule builder. here is an example from a phone number field that used the rule builder:

if(this.value){
	var phoneRegex = /^[1-9]\d{2}-\d{3}-\d{4}/;
	var subjectString = this.value;
	if (phoneRegex.test(subjectString)) {
  		true;
	} else {
  		false;
	}
} else {
	true;
}
Mayank_Gandhi
Community Advisor
Community Advisor

@SeanLapointe  This is from the document itself

 

Server-Side Revalidation in Adaptive Form

Typically, in any online data capture system, developers place some JavaScript validations on client side to enforce a few business rules. But in modern browsers, end users have way to bypass those validations and manually do submissions using various techniques, Such as Web Browser DevTools Console. Such techniques are also valid for adaptive forms. A forms developer can create various validation logics, but technically, end users can bypass those validation logics and submit invalid data to the server. Invalid data would break the business rules that a forms author has enforced.

The server-side revalidation feature provides the ability to also run the validations that an adaptive forms author has provided while designing an adaptive form on the server. It prevents any possible compromise of data submissions and business rules violations represented in terms of form validations.

What to validate on the Server?

All out of the box (OOTB) field validations of an adaptive form that are rerun at the server are:

  • Required
  • Validation Picture Clause
  • Validation Expression

Enabling Server-side Validation

Use the Revalidate on server under Adaptive Form Container in the sidebar to enable or disable server-side validation for the current form.

 

 

If end-user bypass those validations and submit the forms, the server again performs the validation. If the validation fails at server end, then the submit transaction is stopped. The end user is presented with the orignal form again. The captured data and submitted data are presented to the user as an error.

Supporting Custom functions in Validation Expressions

At times, in case of complex validation rules, the exact validation script reside in custom functions and author calls these custom functions from field validation expression. To make this custom function library known and available while performing server-side validations, the form author can configure the name of AEM client library under the Basic tab of Adaptive Form Container properties as shown below.

 

Author can configure custom javascript library per adaptive form. In the library, only keep the reusable functions, which has dependency on jquery and underscore.js third-party libraries

 

https://experienceleague.adobe.com/docs/experience-manager-64/forms/adaptive-forms-basic-authoring/c....