Sitecore Forms – Bypassing validation and overposting viewmodels
TL;DR: Sitecore Forms is vulnerable to overposting, which enables end-users to disable field validations. I’ve noticed that Sitecore Forms uses the default ASP.NET MVC model binding, and it binds the posted model to the FieldViewModel. As there is no validation on which properties of the FieldViewModel can be bound, we can post fields that should not …